Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The whole project is vulnerable to Cross-site Request Forgery vulnerability. #563

Open
Th3redTea opened this issue Jun 19, 2023 · 0 comments
Open

The whole project is vulnerable to Cross-site Request Forgery vulnerability. #563

Th3redTea opened this issue Jun 19, 2023 · 0 comments

Comments

@Th3redTea
Copy link

Th3redTea commented Jun 19, 2023
edited

In brief, all the post requests are vulnerable to Cross-site Request Forgery issues. This is urgent and should be addressed as soon as possible if they are "really" SMBs benefiting from this project. So basically, a CSRF token should be sent with all the post requests and checked in the backend.

1 - Server sends the client a token.
2 - Client submits a form with the token.

read more about CSRF here: https://portswigger.net/web-security/csrf
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Th3redTea