node-login
Security Fix for Cross-site Request Forgery (CSRF) - huntr.dev
https://huntr.dev/users/alromh87 has fixed the Cross-site Request Forgery (CSRF) vulnerability 🔨. Think you could fix a vulnerability like this?
Get involved at https://huntr.dev/
Q | A
--- | ---
Version Affected | ALL
Bug Fix | YES
Original Pull Request | https://github.com/418sec/node-login/pull/2
Vulnerability README | https://github.com/418sec/huntr/blob/master/bounties/other/node-login/1/README.md
User Comments:
📊 Metadata *
Bounty URL: https://www.huntr.dev/bounties/1-other-node-login
⚙️ Description *
node-login is a template for quickly building login systems on top of Node.js & MongoDB. It is vulnerable to CSRF attacks in the Update and Delete profile actions, because the POST handlers accept state-changing requests without any token tying the request to the logged-in user's session.
💻 Technical Description *
Avoid CSRF by requiring a per-session CSRF token on the state-changing POST requests (profile update and delete), using the csurf middleware; requests that carry a missing or mismatching token are rejected.
🐛 Proof of Concept (PoC) *
- Download and setup node-login
- Go to http://localhost:3000/signup and create an account
- Create the payload below and serve it from an attacker-controlled web page
<html>
<!-- CSRF PoC - generated by Burp Suite Professional -->
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://localhost:3000/home" method="POST">
<input type="hidden" name="name" value="hacked" />
<input type="hidden" name="email" value="hacked@test.com" />
<input type="hidden" name="country" value="Afghanistan" />
<input type="hidden" name="pass" value="hacked" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
- Open the payload in the same browser as the logged-in user and click the Submit button
- The user's profile data has been tampered with

🔥 Proof of Fix (PoF) *
After the fix the data is unaffected, as a valid CSRF token is required for the POST actions.

👍 User Acceptance Testing (UAT)
All functionality is unaffected.
