CSRF Vulnerability in Simple Public Chat Room 1.0 send_message.php

Vulnerability Key Information Vulnerability Title Vulnerability Report — CSRF in send_message.php (Simple Public Chat Room 1.0) Discoverer Camilla Flocco Affected Product Simple Public Chat Room 1.0 Vendor: SourceCodester Vulnerability Type Cross Site Request Forgery (CSRF) Vulnerability Description The send_message.php endpoint (POST /chat/send_message.php) in Simple Public Chat Room is vulnerable to Cross-Site Request Forgery (CSRF). Reproduction Steps (Summary) 1. Log in to the vulnerable chat application at http://localhost/chat/. 2. While authenticated, open a malicious .html file (designed to send a POST request to the chat message endpoint). 3. Observe that the attacker successfully sends a message from the victim’s account to chat room 1 (or another targeted chat room) without the victim’s knowledge or consent. Affected Components send_message.php (POST /chat/send_message.php) — Chat message submission endpoint Chat module (message submission workflow / client-side JavaScript) Any web UI that triggers message submission (while authenticated) Attack Type Remote Impact - Code Execution true Impact - Privilege Escalation true Attack Vector The attacker only needs to trick an authenticated user into visiting a malicious webpage that automatically submits a forged POST request to send_message.php. Since authentication relies on session cookies and the application lacks CSRF protection and sufficient server-side origin/authorization checks, the forged request is processed with the victim’s privileges. Chat room identifiers and required parameters are available in client-side JavaScript or hidden fields, allowing attackers to discover and reuse them. Recommended Mitigations Implement anti-CSRF tokens (synchronizer token pattern) for all state-changing POST endpoints and validate them on the server side. Set SameSite=Lax or SameSite=Strict on session cookies. Set HttpOnly and Secure flags on session cookies. Validate Origin and Referer headers on POST requests and reject requests from untrusted sources. Enforce server-side authorization for message submission (verify that the user is permitted to post in the target chat room). Consider requiring additional confirmation or re-authentication for high-impact operations. Implement logging/monitoring to detect automated or bulk operations from a single session. References https://www.sourcecodester.com/php/12295/simple-public-chat-room-using-php.html Prepared by: Camilla Flocco

Goal Reached Thanks to every supporter — we hit 100%!

CSRF Vulnerability in Simple Public Chat Room 1.0 send_message.php

More from this source