Cross-site Scripting (XSS) - Stored in projectsend/projectsend

Valid

Reported on

Jul 2nd 2021


💥 BUG

CSRF bug to delete file

💥 SUMMURY

during batch delete file there is no csrf token present

💥 STEP TO REPRODUCE

1. vulnerable url is http://localhost/projectsend2/manage-files.php?action=delete&batch[]=27&batch[]=31&page=1 .
Here in this url change file-id to delete and open the url and see file is deleted .
So, attacker can send this to any user or admin and when he open this link then file is deleted

💥 IMPACT

Attacker can delete any file using this csrf bug

We have contacted a member of the projectsend team and are waiting to hear back 7 months ago
Ignacio Nelson validated this vulnerability 22 days ago
ranjit-git has been awarded the disclosure bounty
The fix bounty is now up for grabs
Ignacio Nelson confirmed that a fix has been merged on afc564 22 days ago
Ignacio Nelson has been awarded the fix bounty