Cross-Site Request Forgery (CSRF) in erudika/scoold

Valid

Reported on Dec 22nd 2021


Description

Hi there, I would like to report a CSRF vulnerability in erudika/scoold. This allows an attacker to change the current user's question space or add them to the default space against their will.

Proof of Concept

  1. Access scoold demo at https://pro.scoold.com/ and log in
  2. Access this link https://pro.scoold.com/questions/space/scooldspace:google-analytics
  3. See that a new cookie, scoold-pro-space, is returned whose value is the Base64 encoding of "scooldspace:google-analytics:Google Analytics", indicating that you are added to the above space
  4. Access this link https://pro.scoold.com/questions/space/ and see that you are added back to the default space

Impact

This vulnerability is capable of CSRF

We are processing your report and will contact the erudika/scoold team within 24 hours. (a month ago)
We have contacted a member of the erudika/scoold team and are waiting to hear back. (a month ago)
We have sent a follow up to the erudika/scoold team. We will try again in 7 days. (a month ago)
Alex Bogdanovski validated this vulnerability (a month ago)
justinp09010 has been awarded the disclosure bounty
The fix bounty is now up for grabs
Alex Bogdanovski confirmed that a fix has been merged on ee59dd (a month ago)
Alex Bogdanovski has been awarded the fix bounty
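
An added example, not part of the original report and not the project's code or the fix merged in ee59dd: a Python model of the space-switch handler as the proof of concept describes it, beside a hardened variant that accepts the change only on a POST carrying a session-bound token. The function names, SERVER_KEY, the csrf_token form field, the names lookup and the empty cookie value for the default space are assumptions.

```python
import base64
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret
SPACE_COOKIE = "scoold-pro-space"     # cookie name from the report
PREFIX = "/questions/space/"          # path from the report


def csrf_token(session_id):
    """Token bound to the session; another origin cannot read or compute it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def encode_space(space_id, name):
    """Cookie value format from step 3: Base64 of 'id:name'."""
    return base64.b64encode(f"{space_id}:{name}".encode()).decode()


def _apply(path, names):
    space_id = path[len(PREFIX):]
    if space_id and space_id not in names:
        return 404, {}
    # Empty id means "back to the default space" (step 4);
    # the empty cookie value used for it here is an assumption.
    value = encode_space(space_id, names[space_id]) if space_id else ""
    return 200, {SPACE_COOKIE: value}


def switch_space_reported(method, path, session_id, form, names):
    """Behaviour as reported: following a link (GET) changes state."""
    return _apply(path, names)


def switch_space_hardened(method, path, session_id, form, names):
    """State changes only on POST with the session-bound token."""
    if method != "POST":
        return 405, {}
    supplied = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(supplied, csrf_token(session_id).encode()):
        return 403, {}
    return _apply(path, names)
```
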