Cross-Site Request Forgery (CSRF) in ampache/ampache

Valid

Reported on

Aug 31st 2021

✍️ Description

csrf bug to disable user

🕵️‍♂️ Proof of Concept

I see during disable a user there is no csrf token is checking .
1. First login into admin account .
2. Now copy url http://localhost/ampache-develop/public/admin/users.php?action=disable&user_id=3 and paste in browser tab and hit enter .
Now user will be disabled.

💥 Impact

disable user using csrf bug

Occurrences

index.php L34

We have contacted a member of the ampache team and are waiting to hear back 2 years ago

lachlan validated this vulnerability 2 years ago

ranjit-git has been awarded the disclosure bounty

The fix bounty is now up for grabs

lachlan

commented 2 years ago

Maintainer

i've put enable and disable behind confirmation dialogs now with https://github.com/ampache/ampache/commit/bcdd8bb86dcaec87248071aa5ebeacf73c20932c

lachlan marked this as fixed with commit bcdd8b 2 years ago

lachlan has been awarded the fix bounty

This vulnerability will not receive a CVE

to join this conversation