Security Vulnerability: Cross Site Request Forgery
FusionDirectory is vulnerable to Cross Site Request Forgery (CSRF) attacks.
Distribution Name and Version
Debian stable. The instance at admin.fusiondirectory.org is also affected.
PHP version used
Origin of php packages
Debian distribution packages.
Steps to Reproduce
- Authenticate with a test account at admin.fusiondirectory.org. Please use a test account, as the password will be reset to a known value.
- Open the attached file CSRF-FusionDirectory.html in the browser.
- Click on the Attack! button.
Expected Behavior
The application verifies that every state-changing request originates from a page it previously delivered, by comparing a random token parameter with the one held for the session. No changes are made.
Actual Behavior
The application accepts the request forged by the attacker page. The password of the attacked user is changed to Password1234! and the address is set to Owned!.
Reproduces how often: 100%.
The URL parameter plug is instance-specific, but can easily be brute-forced by an attacker.
See the OWASP CSRF Page for further details on this vulnerability.
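As an added illustration of the check the expected-behaviour paragraph describes (example code written for this report, not FusionDirectory's own), the synchronizer-token pattern in PHP: a per-session token from the CSPRNG is embedded in every form that performs a state change and compared in constant time on submission. The function names, the session key and the field name are assumptions; the session array and the two requests at the bottom are constructed stand-ins for $_SESSION and $_POST.

```php
<?php
// Added example, not FusionDirectory code: synchronizer-token CSRF protection
// for state-changing requests. Names below are assumptions for illustration.

declare(strict_types=1);

const CSRF_SESSION_KEY = 'csrf_token';   // assumed key in the session store
const CSRF_FIELD_NAME  = 'csrf_token';   // assumed hidden-field / POST parameter

/** Return the per-session token, creating it on first use. */
function csrf_token(array &$session): string
{
    if (empty($session[CSRF_SESSION_KEY])) {
        // 32 bytes from the CSPRNG, hex-encoded. Unlike a low-entropy,
        // instance-wide value, this is unique per session and not guessable.
        $session[CSRF_SESSION_KEY] = bin2hex(random_bytes(32));
    }
    return $session[CSRF_SESSION_KEY];
}

/** Hidden input to embed in every form that changes state (password, address, ...). */
function csrf_field(array &$session): string
{
    return '<input type="hidden" name="' . CSRF_FIELD_NAME . '" value="'
        . htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8') . '">';
}

/**
 * Gate for a state-changing request: true only when a token was submitted
 * and it matches the session token. hash_equals avoids a timing side channel.
 */
function csrf_validate(array $session, array $post): bool
{
    $expected = $session[CSRF_SESSION_KEY] ?? '';
    $given    = $post[CSRF_FIELD_NAME] ?? '';
    if (!is_string($expected) || $expected === '' || !is_string($given) || $given === '') {
        return false;
    }
    return hash_equals($expected, $given);
}

/** Controller sketch: refuse the change with 403 unless the token validates. */
function handle_password_change(array $session, array $post): int
{
    if (!csrf_validate($session, $post)) {
        return 403;            // forged or token-less request: nothing is changed
    }
    // ... apply the password change here ...
    return 200;
}

// --- Constructed demonstration ---
$session = [];                         // stands in for $_SESSION
$formHtml = csrf_field($session);      // rendered into the page the user loaded

// Request submitted from the delivered page carries the session token.
$fromOwnPage = [CSRF_FIELD_NAME => $session[CSRF_SESSION_KEY], 'password' => 'new-secret'];
echo "own page: HTTP " . handle_password_change($session, $fromOwnPage) . PHP_EOL;

// A cross-site page cannot read the victim's session token, so the forged
// request arrives without it and is refused.
$crossSite = ['password' => 'Password1234!', 'address' => 'Owned!'];
echo "cross-site: HTTP " . handle_password_change($session, $crossSite) . PHP_EOL;
```

The token must be bound to the authenticated session and regenerated on login, and every request that changes state (not only password changes) should pass through the same gate. Marking the session cookie SameSite=Lax or Strict is worthwhile defence in depth, but not a replacement: older browsers ignore the attribute, and an instance-specific value such as the plug parameter offers no protection because it is shared by all users and, as noted above, easily brute-forced.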