This repository has been archived by the owner on Mar 2, 2019. It is now read-only.

Change password exists CSRF Vulnerability (any change password) #16

Open
honcbb opened this issue May 8, 2017 · 1 comment

honcbb commented May 8, 2017

Version: 1.6

I found in your version 1.6 that the change password did not produce a related token, resulting in a CSRF vulnerability.

Affected Files:

setpass.php

PoC Payload Test Video:

https://drive.google.com/file/d/0ByrwRfdtgouyUDdKZzBfbE01TG8/view?usp=sharing

Patch Results:

https://drive.google.com/file/d/0ByrwRfdtgouydmlYWnpabm14WHM/view?usp=sharing

honcbb commented May 8, 2017

This is my personal patch file, you can test:

Patch Results.zip
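
A synchronizer-token check of the kind the report says the password-change request lacks, as an added example that is not part of the issue, the attached patch, or the project's code. The function names, the `csrf_token` and `new_password` field names, and the sample requests are assumptions; the session is passed in as an array so the script runs from the PHP CLI.

```php
<?php
// Added example: synchronizer-token CSRF check for a password-change handler.
// Field names (csrf_token, new_password) and function names are assumptions,
// not taken from the project's setpass.php.

/** Issue (or reuse) a per-session token to embed in the change-password form. */
function csrf_issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit CSPRNG value
    }
    return $session['csrf_token'];
}

/** True only when the submitted token matches the session token (constant-time). */
function csrf_token_valid(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

/** Decide whether a password-change request may proceed; returns an HTTP status. */
function handle_setpass(string $method, array &$session, array $post): int
{
    if ($method !== 'POST') {
        return 405; // state changes only via POST
    }
    if (empty($session['user_id'])) {
        return 401; // not logged in
    }
    if (!csrf_token_valid($session, $post)) {
        return 403; // missing or mismatched token: request rejected
    }
    // The real password update would go here.
    unset($session['csrf_token']); // rotate the token after use
    return 200;
}

// Constructed sample requests (not captured traffic).
$session = ['user_id' => 1];
$token   = csrf_issue_token($session);
$cases = [
    'no token'    => ['new_password' => 'x'],
    'wrong token' => ['new_password' => 'x', 'csrf_token' => str_repeat('0', 64)],
    'valid token' => ['new_password' => 'x', 'csrf_token' => $token],
];
foreach ($cases as $label => $post) {
    printf("%-12s -> %d\n", $label, handle_setpass('POST', $session, $post));
}
```

In a web request, `$_SESSION` (after `session_start()`) and `$_POST` take the place of the constructed arrays, and the form rendered for the user carries the value from `csrf_issue_token()` in a hidden field.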
