This repository was archived by the owner on Feb 7, 2024. It is now read-only.
This repository was archived by the owner on Feb 7, 2024. It is now read-only.
XSRF vulnerability #7
Open
Description
I noticed that FreshDNS is vulnerable to Cross-Site Request Forgery, allowing an attacker to e.g. delete all zones on your server if they can get you to load a website containing their javascript while you're logged in to FreshDNS in the same browser.
It is fixed (hopefully) in my merge request #6