You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Feb 7, 2024. It is now read-only.
I noticed that FreshDNS is vulnerable to Cross-Site Request Forgery, allowing an attacker to e.g. delete all zones on your server if they can get you to load a website containing their javascript while you're logged in to FreshDNS in the same browser.
It is fixed (hopefully) in my merge request #6
The text was updated successfully, but these errors were encountered:
Will test for this when I have time. Going through the code as we speak to see if I can find anything "weird". I will push some "dirty" fixes like the auto-md5 to sha1/sha512 and make sure those are pushed to this as well. I'll also add all the DNSSEC related information etc. when I find some spare time.
I noticed that FreshDNS is vulnerable to Cross-Site Request Forgery, allowing an attacker to e.g. delete all zones on your server if they can get you to load a website containing their javascript while you're logged in to FreshDNS in the same browser.
It is fixed (hopefully) in my merge request #6
The text was updated successfully, but these errors were encountered: