Sarmad Hassan

Published On: 02 Dec 2019

CSRF bug, Force other users to join or leave Subwikis in Wt. Social

CSRF
WT.Social | Web
---
MEDIUM VALID
Description

While checking the behavior of "Subwikis" when a user joins or leaves one, I noticed that they were using a "GET" request without an anti-CSRF token.

Impact

This bug allows the attacker to force other users to join or leave any subwiki he wants.

Reproduction Steps

Step 1

For following a subwiki: https://wt.social/sbwactions/[subwiki-name]/follow-subwiki?vue=true

For leaving a subwiki: https://wt.social/sbwactions/[subwiki-name]/unfollow-subwiki?vue=true

If the attacker wants to force the user to follow the subwiki called "iraq", he will send the link below to the user:

https://wt.social/sbwactions/iraq/follow-subwiki?vue=true

If the attacker wants to force the user to leave the subwiki called "iraq", he will send the link below to the user:

https://wt.social/sbwactions/iraq/unfollow-subwiki?vue=true
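The following is an added illustration, written for this page and not part of the original report or of WT.Social's own code. It models the two `sbwactions` routes from the report with an in-memory session store and a constructed membership table, and places the reported behaviour (any GET carrying a valid session cookie changes membership) next to a hardened handler that only accepts a POST whose form carries the session's synchronizer token and whose `Origin` header, when present, matches the site. Route names come from the report; everything else (`SESSIONS`, `MEMBERSHIPS`, the `Request` class, the handler names) is a hypothetical stand-in for the real application.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed in-memory state standing in for the application's session store
# and its subwiki membership table (hypothetical, not WT.Social's own code).
SESSIONS = {}      # session_id -> {"user": str, "csrf": str}
MEMBERSHIPS = {}   # user -> set of followed subwiki names
ALLOWED_ORIGIN = "https://wt.social"


@dataclass
class Request:
    """Minimal HTTP request model: only the fields a CSRF decision needs."""
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


def new_session(user):
    """Log a user in and mint a per-session CSRF token to embed in forms."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    MEMBERSHIPS.setdefault(user, set())
    return sid


def csrf_token_for(sid):
    """Token the server would render into the follow/unfollow form."""
    return SESSIONS[sid]["csrf"]


def is_following(user, subwiki):
    return subwiki in MEMBERSHIPS.get(user, set())


def _route(path):
    """Match /sbwactions/<subwiki>/(follow|unfollow)-subwiki, ignoring any query string."""
    parts = path.split("?", 1)[0].strip("/").split("/")
    if len(parts) == 3 and parts[0] == "sbwactions" \
            and parts[2] in ("follow-subwiki", "unfollow-subwiki"):
        return parts[1], parts[2]
    return None


def _apply(user, subwiki, action):
    followed = MEMBERSHIPS.setdefault(user, set())
    if action == "follow-subwiki":
        followed.add(subwiki)
    else:
        followed.discard(subwiki)


def vulnerable_handler(req):
    """The behaviour the report describes: the session cookie alone authorises a
    state change, and the verb is GET, so a plain link the victim opens suffices."""
    route = _route(req.path)
    sess = SESSIONS.get(req.cookies.get("session"))
    if route is None or sess is None:
        return 404, "not found"
    _apply(sess["user"], *route)
    return 200, "ok"


def hardened_handler(req):
    """Require POST, a same-site Origin when the header is present, and a
    synchronizer token that matches the one bound to the session."""
    route = _route(req.path)
    sess = SESSIONS.get(req.cookies.get("session"))
    if route is None or sess is None:
        return 404, "not found"
    if req.method != "POST":
        # A link or <img> tag can only produce a GET; refusing it closes the reported vector.
        return 405, "state change requires POST"
    origin = req.headers.get("Origin")
    if origin is not None and origin != ALLOWED_ORIGIN:
        # Browsers attach Origin to cross-site POSTs; a mismatch is a forged request.
        return 403, "cross-origin request rejected"
    token = req.form.get("csrf_token", "")
    # Constant-time comparison on bytes: compare_digest rejects non-ASCII str input.
    if not hmac.compare_digest(token.encode(), sess["csrf"].encode()):
        return 403, "missing or invalid CSRF token"
    _apply(sess["user"], *route)
    return 200, "ok"


if __name__ == "__main__":
    sid = new_session("victim")
    link = Request("GET", "/sbwactions/iraq/follow-subwiki?vue=true", cookies={"session": sid})
    print("vulnerable:", vulnerable_handler(link), is_following("victim", "iraq"))
    MEMBERSHIPS["victim"].clear()
    print("hardened GET:", hardened_handler(link), is_following("victim", "iraq"))
    post = Request("POST", "/sbwactions/iraq/follow-subwiki", cookies={"session": sid},
                   form={"csrf_token": csrf_token_for(sid)}, headers={"Origin": ALLOWED_ORIGIN})
    print("hardened POST:", hardened_handler(post), is_following("victim", "iraq"))
```

Changing the verb matters on its own, not only as a formality: a session cookie marked `SameSite=Lax` is still sent on top-level GET navigations, so a Lax cookie would not have stopped the link in this report, whereas it is withheld from a cross-site POST. The token check is what remains authoritative when the `Origin` header is absent, which is why the hardened handler treats a missing `Origin` as "fall through to the token" rather than as proof of a same-site request.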

Timeline

Sarmad, 24 Nov 2019: Initial Report
WT.Social, 25 Nov 2019: Report Triaged
WT.Social, 03 Dec 2019: Fixed By WT
Sarmad, 05 Dec 2019: Fix Confirmed