This repository has been archived by the owner on Mar 2, 2019. It is now read-only.
Version: 1.6
I found in your version 1.6 that the password change did not produce a related token, resulting in a CSRF vulnerability.
Affected Files:
setpass.php
PoC Payload Test Video:
https://drive.google.com/file/d/0ByrwRfdtgouyUDdKZzBfbE01TG8/view?usp=sharing
Patch Results:
https://drive.google.com/file/d/0ByrwRfdtgouydmlYWnpabm14WHM/view?usp=sharing
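
The control the report says is missing, shown as an added example that is not part of the original issue and not the project's `setpass.php`: a per-session token is embedded in the password-change form and checked in constant time before the change is accepted. The helper names, the `csrf_token` field and session key, and the `new_password` field are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not the project's setpass.php.

/** Return the session's CSRF token, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        // 32 bytes from the CSPRNG, hex-encoded so it is safe in a form field.
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Constant-time comparison of a submitted token with the session's token. */
function csrf_valid($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return is_string($submitted)
        && $expected !== ''
        && hash_equals($expected, $submitted);
}

session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A form auto-submitted from another origin carries the victim's session
    // cookie but cannot read the token, so the request is refused here.
    if (!csrf_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    // Rotate the token so a captured value cannot be replayed.
    unset($_SESSION['csrf_token']);
    // The application's own password update runs at this point; requiring
    // the current password as well limits damage if a token ever leaks.
    exit('Request accepted');
}
?>
<form method="post" action="">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
  <input type="password" name="new_password" required>
  <button type="submit">Change password</button>
</form>
```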