FS#93 : Logout CSRF

Status Closed
Assigned To

cbay
Private

Attached to Project: Security vulnerabilities
Opened by waloodi_109 - 04.11.2024
Last edited by cbay - 06.11.2024

FS#93 - Logout CSRF

Logout CSRF

Hi Team,
This is a low risk but want you to know that logout on this domain admin.alwaysdata.com did not protect the logout form with csrf token, therefor i can logout any user by sending this url https://admin.alwaysdata.com/logout/.
Logout should have post method with a valid csrf token.
Let me know if you need more info.

Regards
Waleed Anwar

Closed by cbay
06.11.2024 08:10
Reason for closing: Invalid

Comments (2)
Related Tasks (0/0)

cbay commented on 05.11.2024 16:26

Hello,

That's correct, but I don't think that could pose any security risk.

Kind regards,
Cyril

waloodi_109 commented on 05.11.2024 16:45

Yes, you are right, but if you are domain have self xss so csrf logout will be chained with it.

	Tasks related to this task (0)

Loading...

Keyboard shortcuts

Available keyboard shortcuts

Alt + ⇧ Shift + l Login Dialog / Logout
Alt + ⇧ Shift + a Add new task
Alt + ⇧ Shift + m My searches
Alt + ⇧ Shift + t focus taskid search

Tasklist

o open selected task
j move cursor down
k move cursor up

Task Details

n Next task
p Previous task
Alt + ⇧ Shift + e ↵ Enter Edit this task
Alt + ⇧ Shift + w watch task
Alt + ⇧ Shift + y Close Task

Task Editing

Alt + ⇧ Shift + s save task