Created
March 30, 2023 02:45
-
-
Save b33t1e/6172286862a4486b5888f3cbbdc6316d to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[description] | |
forem up to v2022.11.11 was discovered to contain a Cross Site Request Forgery (CSRF) | |
via the component /articles, /articles/{id}. | |
> | |
------------------------------------------ | |
> | |
[Vulnerability Type] | |
Cross Site Request Forgery (CSRF) | |
> | |
------------------------------------------ | |
> | |
[Vendor of Product] | |
https://github.com/forem/forem | |
> | |
------------------------------------------ | |
> | |
[Affected Product Code Base] | |
forem - <= Version 2022.11.11 | |
> | |
------------------------------------------ | |
> | |
[Affected Component] | |
The API endpoints /articles, /articles/{id} are vulnerable to Cross Site Request Forgery (CSRF) attacks via the main_image parameter. | |
> | |
------------------------------------------ | |
> | |
[Attack Type] | |
Remote | |
> | |
------------------------------------------ | |
> | |
[Impact Code execution] | |
true | |
> | |
------------------------------------------ | |
> | |
[Impact Escalation of Privileges] | |
true | |
> | |
------------------------------------------ | |
> | |
[Impact Information Disclosure] | |
true | |
> | |
------------------------------------------ | |
> | |
[Attack Vectors] | |
POC: POST API with "main_image":"http://127.0.0.1:4444/main_image?main_image=ssrf¶m=123" | |
details can be seen: https://notes.sjtu.edu.cn/s/EEEK9r_Gw | |
> | |
------------------------------------------ | |
> | |
[Discoverer] | |
beet1e | |
> | |
------------------------------------------ | |
> | |
[Reference] | |
http://forem.com | |
https://github.com/forem/forem | |
https://notes.sjtu.edu.cn/s/EEEK9r_Gw |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment