Cross Site Request Forgery

Severity: Medium
Bug ID: 578
Researcher: sandeepv
Status: Disclosed
Submitted: 11/30/2014

Description:

Forging login requests (the attacker can monitor the victim's actions): an attacker may forge a request to log the victim into a target website using the attacker's credentials; this is known as login CSRF. Login CSRF makes various novel attacks possible; for instance, the attacker can later log into the site with his legitimate credentials and view private information, such as activity history, that has been saved in the account.

Affected URL:

http://crowdshield.com/login.php

Affected Params:

username, password

Bug Evidence:

<html>
<body>
  <form action="http://crowdshield.com/login.php" method="POST">
    <input type="hidden" name="username" value="user" />
    <input type="hidden" name="password" value="pass123" />
    <input type="hidden" name="submit" value="Login" />
    <input type="submit" value="Submit request" />
  </form>
</body>
</html>


Bug Recommendation:

Implement CSRF tokens in both the cookie and the POST request. This restricts some token bypasses.
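The recommendation above, a token carried in both a pre-login cookie and the POST body (the double-submit pattern), as an added example that is not part of the report or of CrowdShield's own code. It assumes a server-side secret, a cookie named csrf and a hidden field named csrf_token, all constructed for this illustration.

```python
import hashlib
import hmac
import secrets

# Assumption (constructed for this example): a server-side secret loaded from config.
SECRET_KEY = b"replace-with-a-random-secret-from-config"

def _sign(nonce: str) -> str:
    """HMAC tag: a cookie half cannot be forged or planted without the key."""
    return hmac.new(SECRET_KEY, nonce.encode(), hashlib.sha256).hexdigest()

def issue_token() -> tuple:
    """Run when login.php renders the form: returns (form_token, cookie_value)."""
    nonce = secrets.token_hex(16)
    return nonce, f"{nonce}.{_sign(nonce)}"

def hidden_field(form_token: str) -> str:
    """Hidden input for the form; a cross-origin page like the PoC cannot read it."""
    return f'<input type="hidden" name="csrf_token" value="{form_token}" />'

def csrf_request_is_valid(cookies: dict, form: dict) -> bool:
    """Double-submit check on the POST to login.php: cookie tag must verify and
    the form token must equal the cookie's nonce; anything missing fails."""
    nonce, sep, tag = cookies.get("csrf", "").partition(".")
    form_token = form.get("csrf_token", "")
    if not sep or not nonce or not form_token:
        return False
    if not hmac.compare_digest(tag, _sign(nonce)):
        return False  # cookie was not issued by this server
    return hmac.compare_digest(nonce, form_token)

def handle_login_post(cookies: dict, form: dict) -> str:
    """Outcome of login.php for a POST; the credential check itself is omitted."""
    if not csrf_request_is_valid(cookies, form):
        return "rejected: CSRF token missing or mismatched"
    return f"login attempted for {form.get('username')!r}"

if __name__ == "__main__":
    form_token, cookie = issue_token()
    victim_cookies = {"csrf": cookie}  # browser stores the pre-login cookie
    # Legitimate submission: browser sends the cookie and the hidden field together.
    print(handle_login_post(victim_cookies,
          {"username": "user", "password": "pass123", "csrf_token": form_token}))
    # The forged form from the report: the browser still attaches the victim's cookie,
    # but the attacker's page never saw the hidden field, so no csrf_token arrives.
    print(handle_login_post(victim_cookies,
          {"username": "user", "password": "pass123", "submit": "Login"}))
```

The HMAC tag is what stops a planted or guessed cookie from being paired with a matching form token, which is the bypass the plain double-submit pattern is open to; setting SameSite=Lax on the cookie is a common additional layer.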

Direct Chat

sandeepv 11/30/2014
submitted a Cross Site Request Forgery bug to CrowdShield
CrowdShield 12/01/2014
Acknowledged bug ID: 578 - Cross Site Request Forgery submitted by sandeepv and awarded 15 points!
CrowdShield 12/08/2014
Fixed bug ID: 578 - Cross Site Request Forgery submitted by sandeepv
CrowdShield 06/24/2015
disclosed a Cross Site Request Forgery bug submitted by sandeepv
