SourceCodester Simple Public Chat Room Cross-Site Request Forgery Vulnerability

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the send_message.php endpoint of SourceCodester Simple Public Chat Room version 1.0. The application lacks CSRF protection mechanisms, such as tokens or same-site cookie restrictions. This vulnerability allows an attacker to create a malicious HTML page that, when visited by an authenticated user, automatically submits a forged POST request to the chat message submission endpoint. The request is executed with the user's privileges, enabling the attacker to send arbitrary messages in any chat room on behalf of the victim.

Impact

Exploitation of this vulnerability allows for unauthorized actions to be performed on behalf of the authenticated user, specifically sending messages in chat rooms without the user's consent.

Reproduction

To reproduce this vulnerability, log into the chat application and open a malicious HTML file in the same browser. This file should be crafted to send a POST request to the send_message.php endpoint, using the chat room ID and message data. Once the file is opened, the forged request is sent automatically, and a message appears in the chat room as if it had been sent by the logged-in user.

Remediation

To address this vulnerability, implement anti-CSRF tokens for all state-changing POST endpoints and validate them on the server side. Additionally, apply SameSite cookie attributes, set HttpOnly and Secure flags on session cookies, and enforce server-side authorization checks for message-sending actions.
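The following is an added example of how send_message.php could apply the controls listed above; it is not code from the SourceCodester project. It assumes a PHP session that stores the logged-in user's id in $_SESSION['user_id'], a session cookie named chat_sess, and POST field names csrf_token, room_id and message, none of which are taken from the original application.

```php
<?php
// Added example of a CSRF-protected send_message.php; not the project's own code.
// Assumptions (not from the original application): session-based login with
// $_SESSION['user_id'], a session cookie named "chat_sess", and POST fields
// "csrf_token", "room_id" and "message".

declare(strict_types=1);

// 1. Harden the session cookie before the session starts.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,      // sent only over HTTPS
    'httponly' => true,      // not readable from JavaScript
    'samesite' => 'Strict',  // browser omits the cookie on cross-site POSTs
]);
session_name('chat_sess');
session_start();

// 2. Issue one random token per session and reuse it until logout.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// 3. Compare the submitted token in constant time against the session copy.
function csrf_check(mixed $submitted): bool
{
    if (!is_string($submitted) || empty($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// 4. Request handling for the state-changing endpoint.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Server-side authorization: no session, no message, regardless of token.
    if (empty($_SESSION['user_id'])) {
        http_response_code(401);
        exit('login required');
    }
    if (!csrf_check($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        // Log the rejection so forged submissions are visible to operators.
        error_log(sprintf('CSRF check failed for user %d from %s',
            (int) $_SESSION['user_id'], $_SERVER['REMOTE_ADDR'] ?? 'unknown'));
        exit('invalid request');
    }
    $roomId  = filter_input(INPUT_POST, 'room_id', FILTER_VALIDATE_INT);
    $message = trim((string) ($_POST['message'] ?? ''));
    if ($roomId === false || $roomId === null || $message === '') {
        http_response_code(400);
        exit('bad input');
    }
    // save_message() is a placeholder for the application's own storage routine.
    save_message((int) $_SESSION['user_id'], $roomId, $message);
    exit('ok');
}

// 5. The form that posts to this endpoint carries the token as a hidden field.
?>
<form method="post" action="send_message.php">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <input type="hidden" name="room_id" value="1">
  <textarea name="message"></textarea>
  <button type="submit">Send</button>
</form>
```

The token check is the primary control: a page on another origin cannot read the victim's session token, so a forged POST arrives without a valid csrf_token and is rejected with 403. SameSite=Strict is defense in depth that keeps the session cookie off cross-site requests in browsers that honour it, and the HttpOnly and Secure flags limit cookie exposure through script access and plaintext transport. The 403 log line gives defenders a signal to alert on.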

Added: Nov 10, 2025, 3:19 PM
Updated: Nov 10, 2025, 3:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 7.7
remediation: 0.0
relevance: 1.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.