
Update password_reminder.php

This is to prevent the logic vulnerability, pretty serious bug tbh. The $_SESSION array gets re-written between setting and checking and so your logic fails and an attacker can update anyone's password...
Steven Seeley committed Mar 19, 2016
1 parent e2cc51d commit d74f1177cfa92ed8e49aa65f724f308b4a3ac5b9
Showing with 1 addition and 2 deletions.
  1. +1 −2 password_reminder.php
@@ -96,7 +96,6 @@
if ($_REQUEST['h'] != $hash_bit) {
$msg->addError('INVALID_LINK');
$savant->display('password_reminder_feedback.tmpl.php');
} else if (($_REQUEST['h'] == $hash_bit) && !isset($_POST['form_change'])) {
$savant->assign('id', $_REQUEST['id']);
$savant->assign('g', $_REQUEST['g']);
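Review bot: the deleted line this hunk's header records (-96,7 +96,6) is not present in the rendered context, so nothing in the visible lines shows which $_SESSION write was removed; the commit message should name the removed line so a reader can verify the fix from the diff alone. In the lines that are visible, `$_REQUEST['h'] != $hash_bit` and the redundant `$_REQUEST['h'] == $hash_bit` re-check in the `else if` both use PHP's loose comparison, under which numeric-looking strings are compared as numbers; compare the supplied token with `hash_equals($hash_bit, (string) $_REQUEST['h'])`, which is strict and constant-time, and drop the second comparison, since the `else` branch already implies it. The token is also read from `$_REQUEST`, which merges GET, POST and cookie input; reading it from the one source the reset link actually uses narrows what an unrelated cookie or form field can influence.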
@@ -178,4 +177,4 @@
}
?>
?>
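Review bot: two closing `?>` tags appear in this hunk's context. Anything after the first `?>` is emitted as literal output, so if both survive the change the response carries a stray `?>`, and a trailing newline after a closing tag is sent before the headers, which breaks any later `header()` redirect on this reset page. Remove the duplicate and, for a file that contains only PHP, omit the closing `?>` altogether.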
