[FUNNY][MINI0DAY] FLATPRESS-1.1-Cross-Site Request Forgery

    Today, the weather is good but due to the COVID-19 crisis I was at home. In that time, I have found a security issue of FLATPRESS.
    Cross-Site Request Forgery (CSRF) vulnerabilities found in FlatPress: FlatPress version 1.1 allow a malicious user to perform actions such as delete any file, folder, entry; disable plugin. (fp-plugins\mediamanager\tpls\admin.plugin.mediamanager.files.tpl....)

Download FlatPress 1.1 (zip, 1.0 MiB)

- Discovered: Trung Thanh Le.
- Published: 19/04/2020.
- Vendor and Product: FlatPress.  
- Version: 1.1.
- Solution: Add tokens anti-csrf.

Attack Vector / Criticality — High

    Through Cross-Site Request Forgery (SSRF) vulnerabilities, an attacker could take advantage of the application;s trust in legitimate users to create a malicious link of form that will be executed through them.

Paremeters / Vulnerable Resources

    In the source code, the DeleteFile, DeleteEntry, Disable Plugin, DeleteFolder function  is sent via unauthenticated GET method.

    The application does not have anti-csrf tokens, so it is vulnerable to Cross-site Request Forgery attacks. The vulnerability allows delete any file.

Proof Of concept

Wishing everyone healthy during the crisis.