Cross-Site Request Forgery (CSRF) in fobybus/social-media-skeleton

Valid

Reported on

Aug 14th 2023


A Cross-Site Request Forgery (CSRF) attack is a type of malicious attack in which an attacker tricks a victim into performing an action on a website that they did not intend to perform. This can be done by sending the victim a malicious link or by exploiting a vulnerability in the website.

For example, an attacker could send a victim a malicious link that looks like it comes from a legitimate website. When the victim clicks on the link, it will submit a request to the website to transfer money from the victim's account to the attacker's account. The victim would not have intended to do this, but they would have been tricked into doing it by the attacker.

-- POC --

https://drive.google.com/file/d/1cwVSdlxzRLEMYjoDzlZlHQR1iGh2O263/view?usp=drive_link

Impact

The attacker could use the victim's email address to impersonate the victim. This could be used to commit fraud or to damage the victim's reputation.

We are processing your report and will contact the fobybus/social-media-skeleton team within 24 hours. a month ago
zodiac0704 (Researcher), a month ago


Use a CSRF token: A CSRF token is a randomly generated value that is used to authenticate requests to a website. This token is added to every request that is made to the website, and the website checks to make sure that the token is valid before processing the request. This is the most effective way to protect against CSRF attacks.
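The token check described in the comment above, as an added example in Python; this is not code from the fobybus/social-media-skeleton project, and the `update_email` handler, the `session` dict and the form field name `csrf_token` are assumptions chosen to mirror the email-related impact the report describes.

```python
import hmac
import secrets
from typing import Optional, Tuple

SESSION_KEY = "csrf_token"  # where the per-session token is kept server-side


def issue_csrf_token(session: dict) -> str:
    """Generate one random token per session (first call) and reuse it afterwards.

    The token lives only in the server-side session and in pages the server
    renders, so a third-party site cannot read it to include it in a forged form.
    """
    token = session.get(SESSION_KEY)
    if token is None:
        token = secrets.token_urlsafe(32)  # 256 bits from a CSPRNG
        session[SESSION_KEY] = token
    return token


def csrf_field(session: dict) -> str:
    """Hidden input to embed in every state-changing form the server renders."""
    return f'<input type="hidden" name="csrf_token" value="{issue_csrf_token(session)}">'


def is_valid_csrf(session: dict, submitted: Optional[str]) -> bool:
    """True only if the submitted value matches the session token exactly."""
    expected = session.get(SESSION_KEY)
    if expected is None or submitted is None:
        return False  # no token issued, or request carries none: reject
    # constant-time comparison so a mismatch position cannot be timed
    return hmac.compare_digest(expected.encode(), submitted.encode())


def update_email(session: dict, form: dict) -> Tuple[int, str]:
    """Hypothetical profile handler: the token is checked before any state changes."""
    if not is_valid_csrf(session, form.get("csrf_token")):
        return 403, "CSRF token missing or invalid"
    session["email"] = form["email"]
    return 200, "email updated"


if __name__ == "__main__":
    # Constructed walk-through: a forged cross-site POST carries no token and is
    # refused; the same request from the server-rendered form succeeds.
    sess = {}
    print(update_email(sess, {"email": "attacker@example.invalid"}))
    print(update_email(sess, {"email": "me@example.invalid",
                              "csrf_token": issue_csrf_token(sess)}))
```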

fobybus gave praise a month ago
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
fobybus validated this vulnerability a month ago
zodiac0704 has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
fobybus marked this as fixed in 1.0.5 with commit 344d79 a month ago
fobybus has been awarded the fix bounty
This vulnerability will not receive a CVE
This vulnerability is scheduled to go public on Aug 24th 2023
fobybus published this vulnerability a month ago