XWiki Platform - XWIKI-9372

CSRF Vulnerability on "Send Message" functionality

Details

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major
    • Fix Version/s: 5.2-milestone-1
    • Affects Version/s: 5.1
    • Component/s: Message Stream
    • Labels: None
    • Environment: Apache 7. Mysql 5.5, XWIKI 5.1
    • Difficulty: Easy
    • N/A
    • N/A

Description

    There is a CSRF Vulnerability on "Send Message" functionality.
    Using this we can send any message, select its visibility and also select whether to send to everyone or any particular user.

    POC URL: http://localhost:8080/xwiki-enterprise-web-5.1/bin/view/Main/MessageSenderMacro?xpage=plain&xaction=postMessage&messagestream_message=testaaabbbb&visibilityLevel=everyone&targetName=

    Using the parameter "messagestream_message" we can customize the message to send.

    Using the parameter "visibilityLevel" we can customize the visibility.

    Using the parameter "targetName" we can customize whether to send to a particular user or to all followers.

    Vulnerability tested on XWIKI 5.1, so lower versions are also affected.
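The report describes a state-changing action that fires on any request carrying the right query parameters, which is exactly what lets a page on another origin post in a logged-in user's name. The following added example (written for this page, not XWiki's code) models that endpoint twice: a `vulnerable_handler` with the behaviour the PoC URL exploits, and a `hardened_handler` that applies the two standard fixes, restricting the action to POST and requiring a per-session anti-CSRF token compared in constant time. The action name `xaction=postMessage` and the parameters `messagestream_message`, `visibilityLevel` and `targetName` are taken from the PoC URL; the `form_token` parameter name, the session layout and the allowed visibility values are assumptions made for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed model of a "send message" endpoint for illustration; not XWiki's
# code. xaction=postMessage, messagestream_message, visibilityLevel and
# targetName come from the report's PoC URL. form_token, the session layout
# and ALLOWED_VISIBILITY are assumptions made for this example.

ALLOWED_VISIBILITY = {"everyone", "followers", "user"}  # assumed value set


@dataclass
class Request:
    method: str                # "GET" or "POST"
    params: Dict[str, str]     # query / form parameters
    session: Dict[str, str]    # server-side session of the logged-in user


@dataclass
class MessageStore:
    posted: List[Dict[str, str]] = field(default_factory=list)


def _post_message(store: MessageStore, req: Request) -> Tuple[int, str]:
    """Shared business logic: validate the parameters and store the message."""
    visibility = req.params.get("visibilityLevel", "")
    if visibility not in ALLOWED_VISIBILITY:
        return 400, "unknown visibilityLevel"
    store.posted.append({
        "author": req.session.get("user", "anonymous"),
        "message": req.params.get("messagestream_message", ""),
        "visibility": visibility,
        "target": req.params.get("targetName", ""),
    })
    return 200, "posted"


def vulnerable_handler(store: MessageStore, req: Request) -> Tuple[int, str]:
    """Behaviour the report describes: any request with the right parameters
    posts a message, so a page on another origin that makes the victim's
    browser load the URL (a plain GET) posts in the victim's name."""
    if req.params.get("xaction") != "postMessage":
        return 400, "unknown action"
    return _post_message(store, req)


def issue_csrf_token(session: Dict[str, str]) -> str:
    """Bind a random, unguessable token to the session. The page that renders
    the send form embeds it, so only a same-origin form can present it."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def hardened_handler(store: MessageStore, req: Request) -> Tuple[int, str]:
    """Same action with the two checks that close the CSRF hole."""
    if req.params.get("xaction") != "postMessage":
        return 400, "unknown action"
    # 1. A state-changing action is only reachable through POST, so a link,
    #    <img> or redirect can no longer trigger it.
    if req.method != "POST":
        return 405, "postMessage requires POST"
    # 2. The request must carry the token bound to this session. compare_digest
    #    keeps the comparison constant-time; a session without a token fails.
    expected = req.session.get("csrf_token", "")
    supplied = req.params.get("form_token", "")
    if not expected or not hmac.compare_digest(expected, supplied):
        return 403, "missing or invalid form_token"
    return _post_message(store, req)


def demo() -> Dict[str, int]:
    """Send the PoC-style request to both handlers, then a well-formed
    same-origin POST to the hardened one; returns status codes and counts."""
    session = {"user": "victim"}
    params = {"xaction": "postMessage", "messagestream_message": "testaaabbbb",
              "visibilityLevel": "everyone", "targetName": ""}
    vuln_store, safe_store = MessageStore(), MessageStore()
    forged_get = Request("GET", dict(params), session)
    results = {
        "vulnerable_get": vulnerable_handler(vuln_store, forged_get)[0],
        "hardened_get": hardened_handler(safe_store, forged_get)[0],
        "hardened_post_no_token": hardened_handler(
            safe_store, Request("POST", dict(params), session))[0],
    }
    token = issue_csrf_token(session)
    legit = Request("POST", {**params, "form_token": token}, session)
    results["hardened_post_with_token"] = hardened_handler(safe_store, legit)[0]
    results["vulnerable_posted"] = len(vuln_store.posted)
    results["hardened_posted"] = len(safe_store.posted)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running `demo()` shows the forged GET accepted by the vulnerable handler (200, one stored message) and refused by the hardened one (405), a POST without the token refused (403), and only the same-origin POST carrying the session's token accepted. The token check alone would already stop the PoC; requiring POST as well keeps a future code path from reintroducing a link-triggered write, which is why both checks are applied together.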

Attachments

    1. CSRF_01.jpg (50 kB, Abhisek)
    2. CSRF_02.jpg (186 kB, Abhisek)

People

    Assignee: Thomas Delafosse (thomas_delafosse)
    Reporter: Abhisek (bigboss)
    Votes: 0
    Watchers: 2

Dates

    Created:
    Updated:
    Resolved: