Cross Site Request Forgery in Sphinn
I have removed the XSRF exploit, although you can click on the link below with the text “this story” to cause a vote to happen. Just imagine putting that into an iframe or an img src=, and it would accomplish the same thing w/o you knowing….
Sphinn’s vulnerability is one of the most common forms of XSRF, where the site allows actions to originate offsite without any authentication aside from the original cookie / session.
There are multiple ways to prevent XSRF, the easiest of which is to generate a user-specific token for each action origination point on the site (a form, a link that votes, etc.) so that only actions that began on the site are successfully completed. Otherwise, the action is interrupted with some other form of authentication (a captcha, or at least a “are you sure you want to vote for this”) type of warning.
Luckily, Sphinn’s XSRF vulnerability is not coupled with an XSS vulnerability, which could allow a nefarious site to accomplish much more than simply generating a vote.No tags for this post.