Bylancer Zechat
cpe:2.3:a:zechat_project:zechat:*:*:*:*:*:*:*
- <= 1.5
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in Zechat version 1.5. This vulnerability allows attackers to change user information by bypassing the application's anti-CSRF protections. Although Zechat implements CSRF tokens, the vulnerability arises because the hashtag parameter can be used to inject an encoded payload that evades these protections. Exploitation can occur by tricking users into submitting modified forms or by using scripts to manipulate the CSRF token.
Exploitation of this vulnerability allows for unauthorized changes to user data.
To reproduce this vulnerability, first obtain a valid CSRF token by sending a request to the chat/me?action=edit endpoint with a crafted 'v' parameter that includes a SQL injection payload. Once the token is retrieved, it can be used to submit a form to the chat/data_settings.php endpoint, effectively bypassing the CSRF protection.