Description:
The AdminController.nameUpdate endpoint lacks Cross-Site Request Forgery (CSRF) protection. An authenticated administrator can be tricked into visiting a malicious website that silently submits a POST request to /admin/profile/name.
Impact:
An attacker can remotely change the administrator's login username and nickname. If the username is changed without the admin's knowledge, they will be effectively locked out of the system, as the original credentials will no longer work, resulting in a Denial of Service (DoS) for administrative access.
Cause:
The endpoint processes state-changing requests via application/x-www-form-urlencoded without validating a CSRF token or enforcing strict SameSite cookie policies.
Screenshots (not reproduced here): AdminController.nameUpdate; account username modification, before the attack and after the attack.
payload:
<form action="http://127.0.0.1:28083/admin/profile/name" method="POST" enctype="application/x-www-form-urlencoded">
  <input name="loginUserName" value="hijacked" hidden>
  <input name="nickName" value="forced" hidden>
  <input type="submit">
</form>
This can result in the original account being unable to log in after the username is changed.
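The two server-side controls the report names as missing, an Origin/Referer check and a session-bound synchronizer token, modelled in Python as an added example (not code from the affected project). The origin http://127.0.0.1:28083 and the loginUserName/nickName fields come from the payload above; the handler shape, the _csrf field name, the session id and the attacker origin are assumptions.

```python
import hmac
import hashlib
import secrets
from urllib.parse import urlparse

# The site the administrator is logged into (taken from the report's payload).
SITE_ORIGIN = "http://127.0.0.1:28083"
# Per-deployment secret binding tokens to sessions (constructed here, in memory).
SERVER_SECRET = secrets.token_bytes(32)
# Complementary browser-side control: issue the session cookie with SameSite=Lax or Strict.


def issue_csrf_token(session_id: str) -> str:
    """Synchronizer token rendered into the admin's own profile form as a hidden
    '_csrf' field (field name is an assumption): HMAC(secret, session id)."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_check(session_id: str, headers: dict, form: dict) -> tuple[bool, str]:
    """Return (accepted, reason); both checks must pass for a state-changing POST."""
    # 1. Origin (or Referer) must name our own site. Browsers attach Origin to
    #    cross-site form POSTs and a third-party page cannot override it.
    src = headers.get("Origin") or headers.get("Referer")
    if not src or src == "null":
        return False, "missing Origin/Referer"
    p = urlparse(src)
    if f"{p.scheme}://{p.netloc}" != SITE_ORIGIN:
        return False, f"cross-site request from {p.scheme}://{p.netloc}"
    # 2. Token must match the one bound to this session; constant-time compare.
    token = form.get("_csrf", "")
    if not hmac.compare_digest(token.encode(), issue_csrf_token(session_id).encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"


def name_update(session_id: str, headers: dict, form: dict):
    """Hardened stand-in for AdminController.nameUpdate (assumed shape)."""
    ok, reason = csrf_check(session_id, headers, form)
    if not ok:
        return 403, reason
    return 200, {"loginUserName": form["loginUserName"], "nickName": form["nickName"]}


# Constructed requests: the report's form submitted from an attacker-controlled page,
# and the admin's own profile form carrying the session-bound token.
SESSION = "admin-session-1"
FORGED = name_update(SESSION, {"Origin": "http://attacker.example"},
                     {"loginUserName": "hijacked", "nickName": "forced"})
LEGIT = name_update(SESSION, {"Origin": SITE_ORIGIN},
                    {"loginUserName": "admin", "nickName": "Admin",
                     "_csrf": issue_csrf_token(SESSION)})
```

With both checks in place the forged submission is rejected (403) before any field is written, while the admin's own form, carrying the token, still updates the name.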