
Adding CSRF vulnerability

Open preetkaran20 opened this issue 3 years ago • 6 comments

Is your feature request related to a problem? Please describe.

Currently VulnerableApp doesn't contain any session-related vulnerabilities. However, backend and frontend frameworks can now support it, so in this issue we are looking to add a CSRF vulnerability.

Describe the solution you'd like

We can create a cookie with the key name as the level concatenated with the vulnerability type, as it is a unique combination.

How to approach and Definition of Done

The way to approach the problem is:

  1. Finding the use case: we are looking for a real-life use case where CSRF is found. Maybe an easier approach to finding the use case is looking at other vulnerable applications like DVWA or BWAPP or Juiceshop. Or you can also search for bug bounties for CSRF.
  2. Planning for at least 2-3 vulnerable implementations and 1-2 secure implementations

The definition of done includes:

  1. A user interface based on template design of vulnerable app
  2. Backend implementations of 2-3 vuln levels and 1-2 secure levels
  3. If needed, use the embedded DB, which is H2

preetkaran20, Oct 10 '21 20:10

Hello, I represent my group; we are in a Master's degree in cybersecurity, and our final project is to contribute to some security issues on open-source projects. I would like to contribute to this issue; is it still open/available? Thank you.

AlexisOsmont, Mar 08 '23 13:03

Hi @AlexisOsmont,

Thanks for looking to contribute to this issue, and yes, this issue is open and available. To start, I would suggest curating the list of vulnerability levels you are looking to add, and let's discuss them. (A small doc would be really helpful.)

Regards, Karan

preetkaran20, Mar 08 '23 21:03

Hi again @preetkaran20,

We've seen that there is already an unmerged branch. Would you like us to work on this to finish the work based on your comments? If the answer is yes, could you give us the changes that you want, please?

Regards, @AlexisOsmont, @zgzorx.

AlexisOsmont, Mar 13 '23 09:03

Hi @AlexisOsmont @Zgzorx,

The unfinished PR is https://github.com/SasanLabs/VulnerableApp/pull/364, and PR https://github.com/SasanLabs/VulnerableApp/pull/357 has all the comments.

The major conversation is at https://github.com/SasanLabs/VulnerableApp/pull/357/files/6cb5db77aa19f550b30567e7a8247ebc18797c8f#r820378181. You can follow from there onwards and please let me know if you need more information.

Thanks, Karan

preetkaran20, Mar 14 '23 07:03

Hi!

We managed to set the http_only cookie on level 3. We would like to be sure: does it need to be set on higher levels or not?

Regards

Zgzorx, Mar 17 '23 10:03

@Zgzorx yes, Http_only should be set for all the higher levels. I would also suggest including other cookie flags that OWASP recommends to make it more secure for higher levels, if possible.

preetkaran20, Mar 17 '23 19:03
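
The cookie rule discussed in this thread (HttpOnly from level 3 upward, plus further recommended flags on higher levels) can be checked against a lab's responses with a small audit script. This is an added example, not code from the VulnerableApp project or from the thread's participants. It assumes cookie names of the form `LEVEL_<n><TYPE>` (the issue only says "level concatenated with vulnerability type") and takes `Secure` and `SameSite` as the additional flags; `HttpOnly` only blocks script access to the cookie, while `SameSite` is the attribute that limits cross-site sending.

```python
import re

# From the thread: HttpOnly is set on level 3 and on all higher levels.
HTTPONLY_FROM_LEVEL = 3
# Assumed naming scheme (hypothetical): "LEVEL_3" + "CSRF" -> "LEVEL_3CSRF".
NAME_RE = re.compile(r"LEVEL_(\d+)([A-Za-z]\w*)")

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs); attribute names lowercased."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs

def audit(header):
    """Return a list of (severity, message) findings for one Set-Cookie header."""
    name, _, attrs = parse_set_cookie(header)
    match = NAME_RE.fullmatch(name)
    if match is None:
        return [("skip", f"{name}: not a level cookie")]
    if int(match.group(1)) < HTTPONLY_FROM_LEVEL:
        return []  # lower levels are vulnerable by design
    findings = []
    if "httponly" not in attrs:
        findings.append(("required", f"{name}: HttpOnly missing"))
    if "secure" not in attrs:
        findings.append(("recommended", f"{name}: Secure missing"))
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append(("recommended", f"{name}: SameSite is not Lax or Strict"))
    return findings

# Constructed sample headers, not captured from the real application.
SAMPLE = [
    "LEVEL_1CSRF=a1b2; Path=/",
    "LEVEL_3CSRF=a1b2; Path=/; HttpOnly",
    "LEVEL_4CSRF=a1b2; Path=/; Secure; SameSite=None",
    "LEVEL_5CSRF=a1b2; Path=/; HttpOnly; Secure; SameSite=Strict",
]

if __name__ == "__main__":
    for header in SAMPLE:
        for severity, message in audit(header) or [("ok", header.split("=")[0])]:
            print(f"{severity:12} {message}")
```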