Cross Site Request Forgery in Admin area leads to deletion of repositories and users in ikus060/rdiffweb
Valid
Reported on
Sep 16th 2022
Description
The server accepts a plain GET request for deleting repositories and users. Because a state-changing action is reachable through a GET, an attacker can make a logged-in administrator's browser issue it (for example through a link or an image on another site), which is a cross-site request forgery leading to deletion of repositories and users.
Proof of Concept
Open the URLs below after logging in to the admin account on the demo site.
For deleting a repository, replace "replace-here" with a repository name:
https://rdiffweb-demo.ikus-soft.com/delete/admin/replace-here?action=&confirm=replace-here
For deleting a user, replace "username" with the name of the user:
https://rdiffweb-demo.ikus-soft.com/admin/users?action=delete&username=username
Impact
Deletion of repositories and users
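The following is an added illustration, not code from rdiffweb or the reporter: it models the report's two delete endpoints as plain Python functions, first in the form the report describes (any authenticated request with the right query parameters deletes), then with the checks that defeat the proof of concept. The `Request` dataclass, `csrf_guard`, `issue_csrf_token` and the `csrf_token` parameter name are assumptions for the example, not rdiffweb's API; the repository and user names are constructed sample input.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlsplit


@dataclass
class Request:
    """Minimal stand-in for a web framework's request object.

    Assumption for this example, not rdiffweb's (CherryPy) API.
    session_csrf_token is the secret the server bound to the logged-in
    session when it rendered its own delete form.
    """
    method: str
    path: str
    params: dict
    session_csrf_token: Optional[str] = None


def request_from_url(method: str, url: str, session_csrf_token: Optional[str] = None) -> Request:
    """Build a Request from a URL like the ones in the proof of concept."""
    parts = urlsplit(url)
    params = {k: v[-1] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    return Request(method, parts.path, params, session_csrf_token)


def issue_csrf_token() -> str:
    """Per-session secret the server stores and embeds in the forms it renders."""
    return secrets.token_urlsafe(32)


def vulnerable_delete_repo(req: Request) -> bool:
    """The behaviour the report describes: any authenticated request, GET
    included, whose `confirm` parameter equals the repository name deletes it.
    A link or <img> on a third-party page is enough to trigger it."""
    repo = req.path.rsplit("/", 1)[-1]
    return req.params.get("confirm") == repo


def vulnerable_delete_user(req: Request) -> bool:
    """Same pattern for /admin/users?action=delete&username=..."""
    return req.params.get("action") == "delete" and bool(req.params.get("username"))


def csrf_guard(req: Request) -> Optional[str]:
    """Return None if the request may change state, else the reason it was refused."""
    # 1. Never change state on GET: that is what lets a plain link, <img> or
    #    prefetch in the proof of concept perform the deletion.
    if req.method != "POST":
        return "method not allowed"
    # 2. Require the token the server put in its own form. A page on another
    #    origin cannot read that token, so a forged cross-site POST fails here.
    #    Constant-time comparison avoids leaking the token byte by byte.
    sent = str(req.params.get("csrf_token", ""))
    if not req.session_csrf_token or not hmac.compare_digest(
        sent.encode(), req.session_csrf_token.encode()
    ):
        return "missing or invalid CSRF token"
    return None


def hardened_delete_repo(req: Request) -> tuple:
    refused = csrf_guard(req)
    if refused:
        return False, refused
    repo = req.path.rsplit("/", 1)[-1]
    # Keep the application's own safety prompt: the admin must retype the name.
    if req.params.get("confirm") != repo:
        return False, "confirmation does not match repository name"
    return True, "deleted repository " + repo


def hardened_delete_user(req: Request) -> tuple:
    refused = csrf_guard(req)
    if refused:
        return False, refused
    username = req.params.get("username")
    if req.params.get("action") != "delete" or not username:
        return False, "nothing to delete"
    return True, "deleted user " + username


if __name__ == "__main__":
    token = issue_csrf_token()
    # Constructed: the report's proof-of-concept URLs with sample names filled in.
    poc_repo = request_from_url(
        "GET", "https://rdiffweb-demo.ikus-soft.com/delete/admin/backup?action=&confirm=backup", token)
    poc_user = request_from_url(
        "GET", "https://rdiffweb-demo.ikus-soft.com/admin/users?action=delete&username=alice", token)
    print("vulnerable repo delete via GET:", vulnerable_delete_repo(poc_repo))
    print("vulnerable user delete via GET:", vulnerable_delete_user(poc_user))
    print("hardened repo delete via GET:", hardened_delete_repo(poc_repo))
    print("hardened user delete via GET:", hardened_delete_user(poc_user))
    # A forged cross-site POST is refused too: the attacker cannot know the token.
    forged = Request("POST", "/delete/admin/backup", {"action": "", "confirm": "backup"}, token)
    print("forged POST without token:", hardened_delete_repo(forged))
    # The server's own form, which carries the session token, still works.
    legit = Request("POST", "/delete/admin/backup", {"confirm": "backup", "csrf_token": token}, token)
    print("legitimate POST with token:", hardened_delete_repo(legit))
```

Refusing GET on its own only blocks the link and image vector shown in the proof of concept; an attacker's page can still auto-submit a cross-site POST form, which is why the session-bound token check is the part that actually closes the hole. Marking the session cookie `SameSite=Lax` or `Strict` is a useful additional layer but is not a substitute for the token.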
Occurrences
Ambadi MP modified the report
I confirm the vulnerability.
Ambadi MP has been awarded the disclosure bounty
@admin could we get a CVE for this report. Thanks
page_delete.py#L64-L81