MYBB HTML Form Without CSRF Protection - CXSecurity.com

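Vulnerability ID 1842951 Vulnerability type
Published 2019-12-01 Updated 2019-12-01
CVE ID N/A CNNVD-ID N/A
Affected platform N/A CVSS score N/A
|Source
https://cxsecurity.com/issue/WLB-2019120001
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit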
Author : Gaddar ~ Turkish Vulnerability Researcher
Tested On : Kali Linux/Opera Browser
Local : Yes
Team : Yer6Sec Turkish Security Crew

Vulnerability Description:
• This alert may be a false positive, manual confirmation is required.

• Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.

• Acunetix WVS found an HTML form with no apparent CSRF protection implemented. Consult details for more information about the affected HTML form.
• This vulnerability affects /forumdisplay.php (c665df4242c1a82f6a9aa0a0d24afa6a). 

Request
GET /forumdisplay.php?fid=2 HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://www.targetsite.com/forumdisplay.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66c
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: __cfduid=d8286188354df2224659ab6e9929e718f1575228127; mybb[lastvisit]=1575228126; mybb[lastactive]=1575228128; sid=9289656bb25617f993170ad3da2d9291
Host: www.wmduragi.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Response
HTTP/1.1 200 OK
Date: Sun, 01 Dec 2019 19:22:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Set-Cookie: mybb[lastactive]=1575228129; expires=Mon, 30-Nov-2020 19:22:09 GMT; path=/; domain=.targetsite.com
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 53e76da1cfb372c3-AMS
Original-Content-Encoding: gzip
Content-Length: 19188

CWE CWE-352 
CVSS Base Score: 2.6 - AV:N/AC:H/Au:N/C:N/I:P/A:N 
 Access Vector: Network 
 Access Complexity: High 
 Authentication: None 
 Confidentiality Impact: None 
 Integrity Impact: Partial 
 Availability Impact: None 

How to fix this vulnerability
Check if this form requires CSRF protection and implement CSRF countermeasures if necessary.