Gelbooru

Ticket Information - ID: #1196


ID: 0001196
Category: Bug Reporting
Severity: High
Reproducibility: always
Date Submitted: 05/15/22 07:06AM
Updated By: lozertuser
Reporter: MilkMachine
Assigned to: geltas
Resolution: Open
View Status: Public
Version: 0.2.5
Target Version: N/A
Summary: Post Actions are Vulnerable to CSRF Attacks
Description: Many post actions make use of a GET request without any CSRF tokens; this allows an attacker to make a user perform these actions without their consent.

Currently vulnerable to this are the Post Edit, Post Upvote, and Flag for Deletion. There are several other actions that also use the GET method; however, they use a CSRF token, so they are protected.


An example of this attack would be a malicious site that embeds this HTML in their site.
<img width=0 height=0 src="https://gelbooru.com/index.php?page=post&s=vote&id=7254655&type=up">
Anybody visiting the page that is logged into Gelbooru would post an upvote to post 7254655.

This can be fixed by changing these actions to POST requests or adding a CSRF token.
Additional Info: OWASP Recommendations:
https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
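
A sketch of the fix the ticket proposes, added here as an example and not part of the ticket or of Gelbooru's code: state-changing actions are refused over GET and must carry a per-session token. The action names, the `csrf_token` field and the function names are assumptions made for illustration.

```php
<?php
// Added example: hypothetical handler names and token scheme, not Gelbooru's code.
declare(strict_types=1);

// Actions the ticket lists as reachable by GET without a token (names are placeholders).
const STATE_CHANGING = ['vote', 'edit', 'flag'];

// Create the per-session secret once and keep it server-side.
function csrf_secret(array &$session): string {
    if (!isset($session['csrf_secret'])) {
        $session['csrf_secret'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_secret'];
}

// The token is an HMAC bound to the action, so a token issued for one
// action is not accepted for another.
function csrf_token(array &$session, string $action): string {
    return hash_hmac('sha256', $action, csrf_secret($session));
}

// Returns the HTTP status the front controller should send before doing any work.
function csrf_gate(string $method, string $action, array $post, array &$session): int {
    if (!in_array($action, STATE_CHANGING, true)) {
        return 200;                 // read-only pages stay reachable by GET
    }
    if ($method !== 'POST') {
        return 405;                 // an embedded <img src> can only issue GET
    }
    $sent = $post['csrf_token'] ?? '';
    if (!is_string($sent) || !hash_equals(csrf_token($session, $action), $sent)) {
        return 403;                 // cross-site form that lacks this session's token
    }
    return 200;
}

// Constructed requests (not captured traffic) showing each outcome.
$session = [];
$wrong = ['csrf_token' => csrf_token($session, 'edit')];
$good  = ['csrf_token' => csrf_token($session, 'vote')];
$cases = [
    'GET vote (embedded image)'     => csrf_gate('GET', 'vote', [], $session),
    'POST vote, no token'           => csrf_gate('POST', 'vote', [], $session),
    'POST vote, token for edit'     => csrf_gate('POST', 'vote', $wrong, $session),
    'POST vote, valid token'        => csrf_gate('POST', 'vote', $good, $session),
    'GET list (read-only)'          => csrf_gate('GET', 'list', [], $session),
];
foreach ($cases as $label => $status) {
    echo str_pad($label, 32), $status, PHP_EOL;
}
```

The gate has to run before the action handler touches the database, and the token has to be rendered into every form or script that submits one of these actions.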
lozertuser replied at 2022-05-18 19:44:19
I'm not *super* concerned on this one, so I will not likely rush to fix it. Bit busy at this second. But bumping so I remember to address these once I check the trac again. I'm aware logging users out is still possible, but it doesn't really harm anyone currently, so also a bit low priority.