Cross-Site Request Forgery (CSRF) in i-love-flamingo/flamingo-commerce

Valid

Reported on

Oct 8th 2021


Description

CSRF in cart-related endpoints. These include:

  • Adding items to the cart
  • Cleaning (emptying) the cart
  • Deleting an item from the cart
  • Updating the cart

This happens because the system uses GET requests for these state-changing actions and thus allows CSRF attacks.

Proof of Concept

  1. Access this link in a browser: https://demoshop.flamingo.me/en/cart/add/awesome-retailer_1089254?qty=100&deliveryCode=pickup_store and see that 100 units of the product are added to your cart.
  2. Access this link: https://demoshop.flamingo.me/en/cart/clean and see that your cart is emptied.

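
A hardened counterpart to the GET-reachable cart routes described above, written here as an added example in plain Go net/http; it is not flamingo-commerce's own code nor the fix in PR 343. The route pattern, the "session" cookie name and the csrf_token form field are assumptions, and the signing secret is a constructed placeholder.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"net/http"
	"net/http/httptest"
	"regexp"
	"strings"
)

var csrfKey = []byte("demo-secret-do-not-use") // constructed demo secret; load it from config in production

// The four actions in the report all live under /cart/; the cart view itself (/cart) stays a safe GET.
var cartMutation = regexp.MustCompile(`/cart/(add/|clean|delete|update)`)

// tokenFor derives the per-session CSRF token (synchronizer token pattern) from the session id.
func tokenFor(sessionID string) string {
	mac := hmac.New(sha256.New, csrfKey)
	mac.Write([]byte(sessionID))
	return hex.EncodeToString(mac.Sum(nil))
}

// ProtectCart refuses non-POST cart mutations and requires a csrf_token bound to the "session" cookie.
func ProtectCart(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if cartMutation.MatchString(r.URL.Path) {
			if r.Method != http.MethodPost {
				http.Error(w, "cart changes require POST", http.StatusMethodNotAllowed)
				return
			}
			if c, err := r.Cookie("session"); err != nil || !hmac.Equal([]byte(r.FormValue("csrf_token")), []byte(tokenFor(c.Value))) {
				http.Error(w, "missing or invalid CSRF token", http.StatusForbidden)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

// Status replays one request (with a given session cookie and token) through ProtectCart in front of a stub that answers 200.
func Status(method, target, sessionID, token string) int {
	req := httptest.NewRequest(method, target, strings.NewReader("csrf_token="+token))
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.AddCookie(&http.Cookie{Name: "session", Value: sessionID})
	rec := httptest.NewRecorder()
	ProtectCart(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(200) })).ServeHTTP(rec, req)
	return rec.Code
}
```

With this in place, the proof-of-concept links above answer 405 instead of changing the cart, while a POST that carries the session's own token still goes through.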
We created a GitHub Issue asking the maintainers to create a SECURITY.md 2 months ago
We have contacted a member of the i-love-flamingo/flamingo-commerce team and are waiting to hear back 2 months ago

Maintainer


Please see https://github.com/i-love-flamingo/flamingo-commerce/pull/343

i-love-flamingo/flamingo-commerce maintainer validated this vulnerability 2 months ago
M0rphling has been awarded the disclosure bounty
The fix bounty is now up for grabs
i-love-flamingo/flamingo-commerce maintainer confirmed that a fix has been merged on afe9d2 2 months ago
The fix bounty has been dropped