Installation of theme is not secure with a CSRF token #452

Closed
We5ter opened this Issue Feb 26, 2017 · 4 comments

3 participants
@We5ter

We5ter commented Feb 26, 2017

Hello,

payload: http://127.0.0.1/serendipity/serendipity_admin.php?serendipity[adminModule]=templates&serendipity[adminAction]=install&serendipity[theme]=bartleby&serendipity[spartacus_fetch]=bartleby

Use the tag <img> in another HTML page to request this payload; after Serendipity's admin visits it, the theme will be changed.

version: 2.0.5

@onli onli added backend bugs labels Mar 1, 2017

@onli onli added this to the 2.x.0 milestone Mar 1, 2017

@garvinhicking garvinhicking removed their assignment Mar 1, 2017

Member

garvinhicking commented Mar 1, 2017

@onli I cannot currently take on this. We should be able to use the same CSRF check we enabled for plugins.

Member

onli commented Mar 1, 2017

Okay, I assigned you by default since it is security related. I'll add a token check.

@We5ter Thanks for reporting!
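The token check the maintainers refer to, shown as an added illustration in plain PHP (this is not Serendipity's own code; the function names, the `$_SESSION` key and the `serendipity[token]` parameter name are assumptions), applied to the `templates` / `install` admin request from the report:

```php
<?php
// Added example, not Serendipity code: a per-session CSRF token guarding a
// state-changing admin action (theme installation). The names
// csrf_token_create, csrf_token_check, 'csrf_token' and the
// serendipity[token] parameter are assumptions for this illustration.

session_start();

// Create the token once per login session; the admin UI embeds it in every
// link or form that triggers a state change.
function csrf_token_create(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Compare the token sent with the request against the session copy.
// hash_equals() runs in constant time, so token length is not leaked.
function csrf_token_check(array $request): bool
{
    $sent   = $request['serendipity']['token'] ?? '';
    $stored = $_SESSION['csrf_token'] ?? '';
    return $stored !== '' && is_string($sent) && hash_equals($stored, $sent);
}

$module = $_REQUEST['serendipity']['adminModule'] ?? '';
$action = $_REQUEST['serendipity']['adminAction'] ?? '';

if ($module === 'templates' && $action === 'install') {
    // A request forged from another site (e.g. via an <img> tag) cannot carry
    // the victim's session token, so it is rejected before anything changes.
    if (!csrf_token_check($_REQUEST)) {
        http_response_code(403);
        exit('Invalid or missing form token.');
    }
    // ... proceed with the theme installation only after the check passes
}

// When rendering the admin page, attach the token to the legitimate link.
$token = htmlspecialchars(csrf_token_create(), ENT_QUOTES, 'UTF-8');
echo '<a href="serendipity_admin.php?serendipity[adminModule]=templates'
   . '&amp;serendipity[adminAction]=install&amp;serendipity[theme]=bartleby'
   . '&amp;serendipity[token]=' . $token . '">Install theme</a>';
```

Serendipity's real helpers may differ from the names used here; sending the action as a POST form with the token in a hidden field is the usual stronger shape of the same check.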

@onli onli self-assigned this Mar 1, 2017

@onli onli closed this in cdf3756 Mar 2, 2017

Member

onli commented Mar 2, 2017

I just pushed a fix for this. If you could test the fix as well, that would be greatly appreciated.

Thanks again for the report.

We5ter commented Mar 2, 2017

@onli thank you for fixing it.
