🔓 Missing CSRF Token in Form

Severity: Medium
Score: 6.5
Accuracy: Confirmed
Language: php
CVSS v3.1: /AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Form without CSRF token found. Forms should include a CSRF token to protect against Cross-Site Request Forgery attacks. Note that this code contains no CSRF protection that would verify a request genuinely originates from the legitimate user. As a result, an attacker can craft a malicious request and use phishing or similar means to make the user submit an unwanted request.

👾 Vulnerable Code

<!DOCTYPE html>
<html>
<head>
    <title>Vulnerable Form</title>
</head>
<body>
    <form action="process.php" method="post">
        <label for="username">Username:</label>
        <input type="text" id="username" name="username"><br>
        <label for="password">Password:</label>
        <input type="password" id="password" name="password"><br>
        <input type="submit" value="Submit">
    </form>
</body>
</html>


This example shows how to fix your code.
Consider adding a hidden input field carrying a CSRF token. The example below shows how to embed a CSRF token in a form; for production code we recommend using a PHP library or framework that implements CSRF protection, so that data a legitimate user sends to the server is verified end to end (the token must also be validated by the handler that receives the form).
This is only an illustrative example:

🛠️ How to fix

<?php
session_start();

// Generate a CSRF token and store it in the session
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
?>

<!DOCTYPE html>
<html>
<head>
    <title>Secure Form</title>
</head>
<body>
    <form action="process.php" method="post">
        <label for="username">Username:</label>
        <input type="text" id="username" name="username"><br>
        <label for="password">Password:</label>
        <input type="password" id="password" name="password"><br>
        <!-- CSRF token field -->
        <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($_SESSION['csrf_token']); ?>">
        <input type="submit" value="Submit">
    </form>
</body>
</html>
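The form above only issues the token; the fix is incomplete until the receiving script verifies it. The following process.php is an added example, not part of the original finding, and assumes the session key csrf_token and the hidden field name csrf_token used in the form above:

```php
<?php
// process.php (added example): server-side CSRF validation for the form above.
// Assumes the token lives in $_SESSION['csrf_token'] and is posted as 'csrf_token'.
session_start();

// Only POST carries the form data; refuse other methods outright.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('Method Not Allowed');
}

$sessionToken = $_SESSION['csrf_token'] ?? '';
$formToken    = $_POST['csrf_token'] ?? '';

// A crafted request could post an array (csrf_token[]=x); hash_equals() would
// throw a TypeError on a non-string, so reject anything that is not a string.
if (!is_string($sessionToken) || !is_string($formToken)) {
    http_response_code(400);
    exit('Bad Request');
}

// Both values must be present, and the comparison must be constant-time
// (hash_equals) so the check does not leak token bytes through timing.
if ($sessionToken === '' || $formToken === '' || !hash_equals($sessionToken, $formToken)) {
    http_response_code(403);
    // Log the rejection so repeated failures can be picked up by monitoring.
    error_log('CSRF token mismatch from ' . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
    exit('Invalid CSRF token');
}

// Token matched: the request came from a form this server rendered for this session.
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
// ... authenticate $username / $password here ...
echo 'Request accepted for user ' . htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
```

Regenerating the token after a successful login (session_regenerate_id() plus a fresh random_bytes() value) keeps a token captured before authentication from remaining valid afterwards.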