Cross-Site Request Forgery (CSRF) in thorsten/phpmyfaq
Dec 27th 2021
Hi there phpmyfaq team, I would like to report a Cross-Site Request Forgery in phpmyfaq. It is in publishing a question.
Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other.
Proof of Concept
1. Install a local instance of phpmyfaq.
2. Open phpmyfaq as an anonymous user and click on Add question, then add a new question.
3. Use an admin account and access this link: /phpmyfaq/admin/?action=question&id=1&is_visible=toggle. See that the published status of the question is toggled.
PoC picture: https://drive.google.com/file/d/1IlgsfH560k001rUd-JPRpvSV4f2Ez3jx/view?usp=sharing
In a real attack scenario, the attacker would feed this link to phpmyfaq admin users, and when they click it, the question's published status is toggled without their consent.
This vulnerability is capable of CSRF.
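One way to close the hole described above, shown as an added example that is not phpMyFAQ's code or its actual fix: require POST for the visibility toggle and verify a per-session token. The function names and the csrf field name are hypothetical, and the requests are constructed.

```php
<?php
// Added example, not phpMyFAQ code. issueCsrfToken, authorizeToggle and the
// 'csrf' field name are hypothetical.
declare(strict_types=1);

/** Issue a per-session token that the admin form embeds in a hidden field. */
function issueCsrfToken(array &$session): string
{
    $session['csrf'] = bin2hex(random_bytes(32));
    return $session['csrf'];
}

/**
 * Decide whether a request may toggle a question's visibility.
 * Returns an HTTP status: 200 allowed, 405 wrong method, 403 bad token.
 */
function authorizeToggle(string $method, array $post, array $session): int
{
    // A state change must not be reachable by GET: following a link is a GET.
    if ($method !== 'POST') {
        return 405;
    }
    $expected = $session['csrf'] ?? '';
    $supplied = $post['csrf'] ?? '';
    // Constant-time comparison; a missing session token never matches.
    if (!is_string($supplied) || $expected === '' || !hash_equals($expected, $supplied)) {
        return 403;
    }
    return 200;
}

// Constructed requests, run from the CLI.
$session = [];
$token = issueCsrfToken($session);
$fields = ['id' => '1', 'is_visible' => 'toggle'];

$cases = [
    'link from the report (GET, no token)' => ['GET', []],
    'cross-site POST without token'        => ['POST', $fields],
    'cross-site POST with guessed token'   => ['POST', $fields + ['csrf' => str_repeat('0', 64)]],
    'admin form POST with session token'   => ['POST', $fields + ['csrf' => $token]],
];
foreach ($cases as $label => [$method, $post]) {
    printf("%-40s => %d\n", $label, authorizeToggle($method, $post, $session));
}
```

Only the last case is allowed; the GET link from step 3 is rejected before any token check runs.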