Horndev / zapread.com

Website for zapread.com
https://www.zapread.com
GNU Affero General Public License v3.0

Stealing Groups via CSRF at /Group/UpdateUserGroupRoles #384

Closed Horndev closed 4 years ago

Horndev commented 4 years ago

Credit to fwtf

Impact: If the owner of the targeted group clicks on my link, I'm Admin/Mod of the group.

Steps to reproduce:

  1. Edit the payload (below) and fill in the targeted group + the attacker's username
  2. Open the payload in the victim's account

PoC:

  1. Open the payload in the victim's account

Sorry for my bad wording. I meant to say open this in the victim's browser.
Horndev commented 4 years ago

Fixed with anti-forgery token