wx-shop Cross-Site Request Forgery Vulnerability
Vulnerability
A cross-site request forgery (CSRF) vulnerability exists in wx-shop up to commit de1b66331368695779cfc6e4d11a64caddf8716e. The backend does not verify the source of requests to the /sportWear/goodsList API: there is no Referer (or Origin) validation, no cookie-based protection (for example a SameSite attribute on the session cookie), and no anti-CSRF token, so a request issued from an attacker-controlled page is processed with the victim's session. The vulnerability can be exploited remotely and without authenticating to the application, but requires user interaction (the victim must visit the attacker's page while logged in).
Impact
Exploiting this vulnerability lets an attacker cause a logged-in user's browser to submit state-changing requests to wx-shop without the user's consent or knowledge.
Reproduction
To reproduce this vulnerability, log into the application as a user. Then, in the same browser session, open a forged HTML page hosted on another origin that contains a form targeting the /sportWear/goods/save endpoint. The form is pre-filled with the data needed to perform an action, such as saving a product. When the form is submitted, the browser attaches the user's session cookie and the backend processes the request on the strength of that cookie alone, without checking where the request originated or whether the user intended it.
