The AntiCSRF measures have some defects, and an attacker can bypass them with Flash by adding an X-Forwarded-Host header.
After the administrator has logged in, open the following page; a malicious payload could be injected into the configuration (#176):
<object type="application/x-shockwave-flash" data="PoC.swf?h=<target_url>" width="400" height="400"> </object>
The reason for the vulnerability is in views/lib/AntiCSRF.py line 12: request.host can be overwritten by X-Forwarded-Host, which is the default behavior of werkzeug's WSGI layer.
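To make the root cause concrete, here is an added example (not the project's views/lib/AntiCSRF.py) that contrasts a Referer/Origin check whose expected host is derived from the request with one that uses a fixed allowlist. The X-Forwarded-Host override that the report attributes to werkzeug is modelled by a small helper rather than imported, and the host names and WSGI environ dicts are constructed for the example.

```python
"""Referer/Origin CSRF check: request-derived host (weak) vs fixed allowlist (hardened)."""
from urllib.parse import urlsplit

# Hypothetical deployment allowlist; in a real app this comes from configuration.
TRUSTED_HOSTS = {"app.example.com"}


def request_host(environ):
    """Mirror the behaviour the report describes: when X-Forwarded-Host is
    present it replaces Host, so the value is under the client's control."""
    raw = environ.get("HTTP_X_FORWARDED_HOST") or environ.get("HTTP_HOST", "")
    first = raw.split(",")[0].strip()          # proxies may append a chain
    return urlsplit("//" + first).hostname or ""   # drop any :port


def source_host(environ):
    """Host named by Origin (preferred) or Referer; None when both are absent."""
    src = environ.get("HTTP_ORIGIN") or environ.get("HTTP_REFERER")
    return urlsplit(src).hostname if src else None


def csrf_check_weak(environ):
    """Vulnerable pattern: the expected host comes from the request itself, so a
    cross-site request carrying X-Forwarded-Host set to its own origin passes."""
    src = source_host(environ)
    return src is not None and src == request_host(environ)


def csrf_check_hardened(environ):
    """Hardened pattern: the expected host is a fixed allowlist the request cannot
    influence, and a request with no Origin/Referer is rejected outright."""
    src = source_host(environ)
    return src is not None and src in TRUSTED_HOSTS


# Constructed cross-site POST: Host is the real app, but the forwarded host and the
# Referer both point at the attacker-controlled origin.
CROSS_SITE_POST = {
    "REQUEST_METHOD": "POST",
    "HTTP_HOST": "app.example.com",
    "HTTP_X_FORWARDED_HOST": "attacker.example",
    "HTTP_REFERER": "http://attacker.example/poc.html",
}

# Constructed legitimate POST from the application's own settings page.
SAME_SITE_POST = {
    "REQUEST_METHOD": "POST",
    "HTTP_HOST": "app.example.com",
    "HTTP_REFERER": "https://app.example.com/settings",
}
```

The weak check accepts the cross-site request because both sides of its comparison are attacker-supplied; the allowlist check accepts only the same-site one.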
Nice catch! @gsfish will fix it!
820e9e4