We've joined Protect AIJoin us over there for bounties up to $50,000+ for vulnerabilities in AI/ML repos

Cross-Site Request Forgery (CSRF) in baijunyao/laravel-bjyblog

Valid

Reported on

Nov 7th 2021

Description

Attacker is able to logout a user if a logged in user visits attacker website.

Impact

This vulnerability is capable of forging user to unintentional logout.

Test

Tested on Edge, firefox, chrome and safari.

Fix

You should use POST instead of GET.

To expand:

One way GET could be abused here is that a person (competitor perhaps:) placed an image tag with src="<your logout link>" ANYWHERE on the internet, and if a user of your site stumbles upon that page, he will be unknowingly logged out.

This is why it should be a POST with a @csrf token.

While this cannot harm a users account it can be a great annoyance.

We are processing your report and will contact the baijunyao/laravel-bjyblog team within 24 hours. 2 years ago
We have contacted a member of the baijunyao/laravel-bjyblog team and are waiting to hear back 2 years ago
baijunyao
2 years ago

Maintainer

Fixed, thank you very much.

baijunyao validated this vulnerability 2 years ago
HDVinnie has been awarded the disclosure bounty
The fix bounty is now up for grabs
HDVinnie
2 years ago

Researcher

@baijunyao thanks

baijunyao marked this as fixed with commit ec12f3 2 years ago
baijunyao has been awarded the fix bounty
This vulnerability will not receive a CVE
to join this conversation