CSRF Bypass v1.3.6 #389
Affected software: BlackCat CMS
Type of vulnerability: CSRF (Cross-Site Request Forgery)
Discovered by: Noth
Author: Noth
Version: v.1.3.6
Description: BlackCat CMS is vulnerable to persistent Cross-Site Request Forgery attacks, which allow malicious users to inject HTML or scripts and forge user permissions to operate.
Vulnerable URL:
Step 1: go to backend/login/index.php
Step 2: Use Burp Suite to intercept packets
Step 3: Generate PoC ( remove the csrf_token ==> "" )
Test Video: Bypass the csrf_token to login |
|
Thank you,
we will provide a patch soon!
Best regards
Matthias Glienke
—————————————————————————
https://blackcat-cms.org
https://github.com/BlackCatDevelopment/BlackCatCMS
—————————————————————————
info@blackcat-cms.org
… On 30.05.2020 at 23:29, Not_H ***@***.***> wrote:
Hi ~ I find a CSRF Bypass Vulnerability !
Version : v1.3.6
Author : Noth(沈彧璿)
Step 1 : go to backend/login/index.php
Step 2 : Use burpsuite to intercept packets
Step 3 : Generate PoC ( remove the csrf_token ==> "" )
Test Video :
https://drive.google.com/file/d/1tfIPHocmoskX-9wc5rw_7kdX3lNmGpzG/view?usp=sharing
Bypass the csrf_token to login
|
|
@creativecat Thank you ! |
|
Token use is optional, is it set to on or off? |
|
Token can be bypassed, this is a problem |
|
@webbird Thank you, I got it |
|
Anyway, the token is not being checked in any case, so we have to fix this. |
|
Now we have a problem with valid login... :( |
|
Did you already fix it? |
|
This is still work in progress. I am having a full time job. ;) |
|
xD Ok! @webbird if the security problem is fixed, please tell me! |
|
Should work now, will have to do some testing... |
|
"Add page" does not work now... |
|
Since I have some problems with csrf-magic and it is no longer maintained, I am currently testing the integration of another module. This will take some time. |
|
Ok! @webbird Just fix it slowly. Best Regards |
|
Issue "fixed" by removing CSRF Token. V1.4 will use same site cookies instead. |
|
@webbird Thank you. |
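
The report in this thread bypasses the check by submitting an empty csrf_token. As an added example (not BlackCat CMS code and not written by anyone in the thread), the PHP below contrasts a token check that fails open on an empty field with one that fails closed; the function names and the sample requests are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not taken from BlackCat CMS.

// Fail-open: validation is skipped when the field is empty or absent,
// so a request carrying csrf_token="" is accepted.
function csrf_check_fail_open(array $post, array $session): bool
{
    if (empty($post['csrf_token'])) {
        return true; // flaw: nothing submitted, so nothing is compared
    }
    return $post['csrf_token'] == ($session['csrf_token'] ?? '');
}

// Fail-closed: both values must be non-empty strings and must match.
// Rejecting empty values also covers the case where the session holds
// no token yet and "" would otherwise compare equal to "".
function csrf_check_fail_closed(array $post, array $session): bool
{
    $sent     = $post['csrf_token'] ?? null;
    $expected = $session['csrf_token'] ?? null;
    if (!is_string($sent) || !is_string($expected)
        || $sent === '' || $expected === '') {
        return false;
    }
    return hash_equals($expected, $sent); // constant-time comparison
}

// Constructed sample data: one session token and four login requests.
$session = ['csrf_token' => bin2hex(random_bytes(32))];
$cases = [
    'valid token'   => ['csrf_token' => $session['csrf_token']],
    'empty token'   => ['csrf_token' => ''],
    'missing token' => [],
    'wrong token'   => ['csrf_token' => str_repeat('0', 64)],
];

foreach ($cases as $label => $post) {
    printf(
        "%-14s fail-open=%-5s fail-closed=%s\n",
        $label,
        var_export(csrf_check_fail_open($post, $session), true),
        var_export(csrf_check_fail_closed($post, $session), true)
    );
}
```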


