gamonoid / icehrm

Manage your employees easily with a robust and efficient Human Resource Management System
http://icehrm.com

Security Report : CSRF at Delete User Functionality #295

Open devansh3008 opened 2 years ago

devansh3008 commented 2 years ago

1.) Navigate to the About section and confirm the IceHrm CMS version.

icehrm-1

2.) Now log in to the application and go to Users.

icehrm-2

3.) After this, add a user named Devansh.

icehrm-3

4.) Now try to delete the user and intercept the request in Burp Suite. We can see there is no CSRF token in the request.

icehrm-4

icehrm-5

icehrm-6

5.) Go to any CSRF POC Generator: https://security.love/CSRF-PoC-Genorator/

icehrm-7

6.) Now generate a CSRF PoC for the POST-based request with the necessary parameters.

7.) Finally, open that HTML PoC and execute it in the same browser session.

icehrm-8

icehrm-9

icehrm-10

8.) Now if we refresh the page, the user Devansh has been deleted due to the CSRF vulnerability.

icehrm-11

devansh3008 commented 2 years ago

@gamonoid Please help me with fixing the issue.

devansh3008 commented 2 years ago

@thilinah could you help me fix this? There are multiple CSRF issues I have found. Could you help me fix this, so that I can report the others as well?