Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Valid

Reported on

Nov 15th 2021


Description

More unprotected CSRF endpoints that allows for state-changing operations.

1: GET /dashboard/moderation/1/approve

2: GET /requests/1/accept

3: GET /requests/1/reject

4: GET /requests/1/unclaim

5: GET /requests/1/reset

Proof of Concept

<a href="https://[UNIT3D-URL]/dashboard/moderation/1/approve">CLICK ME!</a>

Impact

This vulnerability is capable of tricking admin users to accept / reject / unclaim / reset requests and admin users to approve stuff.

Occurences

requests accept api

requests unclaim / reset api

moderation api

requests accept blade

requests reject api

requests reject blade

requests unclaim blade

moderation blade

We are processing your report and will contact the hdinnovations/unit3d-community-edition team within 24 hours. 19 days ago
HDVinnie validated this vulnerability 19 days ago
haxatron has been awarded the disclosure bounty
The fix bounty is now up for grabs
HDVinnie confirmed that a fix has been merged on 804c4c 19 days ago
HDVinnie has been awarded the fix bounty
web.php#L250L251 has been validated
web.php#L785 has been validated
request.blade.php#L295L299 has been validated
request.blade.php#L207L213 has been validated
request.blade.php#L291L293 has been validated
web.php#L247 has been validated
web.php#L244 has been validated
index.blade.php#L55L62 has been validated