SourceCodester Diary App Cross-Site Request Forgery Vulnerability

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability exists in SourceCodester Diary App version 1.0. The issue is located in diary.php, in the code that handles deletion of diary entries. The deletion is triggered by a parameter in a plain GET request and is authorised by nothing more than the victim's session cookie: no CSRF token, origin check or POST requirement is applied. Because the browser attaches that session cookie when it navigates to the deletion URL from another site, an attacker can host a page that issues the request, and any authenticated user who visits it and follows the link has the targeted entry deleted without their consent. The attack works remotely and requires no credentials on the attacker's side.

Impact

Exploitation of this vulnerability allows an attacker to delete diary entries belonging to any logged-in user who is lured to an attacker-controlled page, leading to permanent loss of user-generated content. The attacker needs only a valid entry ID and a victim with an active session; the victim sees no prompt and no indication that a state-changing request was made.

Reproduction

To reproduce this vulnerability, log into the Diary App and create a diary entry, then note the ID of the entry you wish to delete. Create a malicious HTML page that includes a link to diary.php with the GET parameter 'delete' set to that ID. While still logged in, open the page and follow the link: the entry is deleted without a confirmation step or any token check. Note that a link (a top-level navigation) is the reliable trigger here; an auto-loading element such as an img tag pointing at the same URL only fires the deletion if the browser sends the session cookie with cross-site subresource requests, which browsers that default cookies to SameSite=Lax do not.

Remediation

It is recommended to implement proper CSRF protection: accept deletion only via POST, embed an unpredictable per-session CSRF token in the deletion form, validate that token server-side with a constant-time comparison before performing the delete, and scope the DELETE to the entry's owner so a forged or guessed ID cannot remove another user's entry. Setting the SameSite attribute on the session cookie is a useful defence in depth but should not replace the token check. A confirmation dialog guards against accidental deletion and improves usability, but it is not a CSRF control on its own, because a forged request never passes through the dialog.
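The following is an added example written for this page; it is not the Diary App's own code. It places the GET-triggered deletion pattern the Reproduction section describes beside a hardened replacement that applies the Remediation above (POST only, session-bound token checked with hash_equals, delete scoped to the owner, SameSite session cookie). The session key user_id, the PDO connection passed in as $pdo, and the table diary_entries with columns id and user_id are assumptions made for the example.

```php
<?php
// Added example, not the Diary App's own code. Assumed and hypothetical:
// - the login stores the user's id in $_SESSION['user_id'];
// - a PDO connection is available as $pdo;
// - entries live in a table diary_entries(id, user_id, ...).

// Defence in depth: mark the session cookie SameSite=Lax (PHP 7.3+ array form)
// so cross-site subresource requests (img, script) carry no session cookie.
// Top-level navigations still send it, so the token check below is still needed.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

if (!isset($_SESSION['user_id'])) {
    header('Location: login.php');
    exit;
}

// --- Vulnerable pattern (the behaviour described in the advisory) ---
// The delete fires on a bare GET parameter. Any page the victim visits can
// trigger it with a link or <img src="http://target/diary.php?delete=3">;
// the session cookie is the only thing authorising the request, and nothing
// proves the user intended it.
function delete_entry_vulnerable(PDO $pdo): void
{
    if (isset($_GET['delete'])) {
        $stmt = $pdo->prepare('DELETE FROM diary_entries WHERE id = ?');
        $stmt->execute([(int) $_GET['delete']]);
    }
}

// --- Hardened pattern ---
// One random token per session, created lazily and reused for all forms.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison so the check does not leak the token byte by byte.
function csrf_token_valid(?string $submitted): bool
{
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// Deletion: POST only, token verified first, and the row must belong to the
// logged-in user. Returns true only when exactly one row was removed.
function delete_entry_hardened(PDO $pdo): bool
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_POST['delete'])) {
        return false;
    }
    if (!csrf_token_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        return false;
    }
    $stmt = $pdo->prepare(
        'DELETE FROM diary_entries WHERE id = ? AND user_id = ?'
    );
    $stmt->execute([(int) $_POST['delete'], (int) $_SESSION['user_id']]);
    return $stmt->rowCount() === 1;
}

// Form rendered next to each entry. The confirm() is a usability guard against
// accidental clicks only; a cross-site page can auto-submit a POST by script,
// and it is the hidden token that stops that request from succeeding.
function delete_form_html(int $entryId): string
{
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="diary.php"'
        . ' onsubmit="return confirm(\'Delete this entry?\');">'
        . '<input type="hidden" name="csrf_token" value="' . $token . '">'
        . '<input type="hidden" name="delete" value="' . $entryId . '">'
        . '<button type="submit">Delete</button></form>';
}
```

In use, diary.php would call delete_entry_hardened($pdo) when handling a request and emit delete_form_html($id) for each listed entry; the vulnerable function is included only to show the pattern being replaced and should not be kept in the application.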

Added: Mar 27, 2026, 6:19 PM
Updated: Mar 27, 2026, 6:19 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          0.6
exploitability  7.1
remediation     0.0
relevance       4.8
threat          6.4
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.