A security issue of MHN API #809

Open
jimmy0435 opened this issue Jul 7, 2021 · 2 comments

Comments

@jimmy0435

I'm not sure it's appropriate to post detailed information here directly. I've tried to send an email to modern-honey-network@googlegroups.com, but it seems it is a public forum, so I deleted the thread on the forum. Please let me know which way is better to provide the detailed information, thanks.

@d1str0
Collaborator

d1str0 commented Jul 7, 2021

Here is fine.

@jimmy0435
Author

Authentication is not needed for modifying the name of sensors on MHN. And the attacker can get some extra information about sensors. Also, the CSRF validation is not working as well. The request can be performed even if X-CSRFToken is removed from the HTTP header.
Please refer to the code here: https://github.com/pwnlandia/mhn/blob/master/server/mhn/api/views.py#L59

The UUID is needed for this vulnerability. We also found a place to get the sensor id without authentication. We believe not only JSON, but XML also could leak the same data as well. Please refer to the code here:

@mhn.route('/feed.json')

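A hardened shape for the kind of endpoint reported in this issue, as an added example (not MHN's code and not written by anyone in this thread): a sensor rename that fails closed without an authenticated session and a matching `X-CSRFToken`, plus a filter that keeps sensor identifiers out of unauthenticated feed output. The in-memory stores, function names, and the `identifier`/`uuid` field names are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed in-memory stores standing in for a session table and sensor DB.
SESSIONS = {}  # session id -> {"user": ..., "csrf": ...}
SENSORS = {"constructed-uuid-0001": {"name": "dionaea-1"}}


def login(user):
    """Hypothetical helper: create a session with its own CSRF token."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid, SESSIONS[sid]["csrf"]


def authorize(headers, cookies):
    """Return (status, reason); 200 only for a valid session and matching token."""
    session = SESSIONS.get(cookies.get("session", ""))
    if session is None:
        return 401, "authentication required"
    sent = headers.get("X-CSRFToken", "")
    # A missing header must be rejected, not skipped; compare in constant time.
    if not sent or not hmac.compare_digest(sent.encode(), session["csrf"].encode()):
        return 403, "CSRF token missing or invalid"
    return 200, "ok"


def update_sensor(uuid, body, headers, cookies):
    """PUT-style handler: authorization runs before any lookup or state change."""
    status, reason = authorize(headers, cookies)
    if status != 200:
        return status, {"error": reason}
    sensor = SENSORS.get(uuid)
    if sensor is None:
        return 404, {"error": "unknown sensor"}
    name = body.get("name")
    if not isinstance(name, str) or not name.strip():
        return 400, {"error": "name must be a non-empty string"}
    sensor["name"] = name.strip()
    return 200, {"uuid": uuid, "name": sensor["name"]}


def public_feed_entry(record):
    """Strip sensor identifiers (assumed field names) from unauthenticated output."""
    return {k: v for k, v in record.items() if k not in ("identifier", "uuid")}
```

Running the same three negative cases (no session, session without the header, session with a wrong token) against a deployed API makes a useful regression test for this class of bug.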
