AsmBB

Minor but annoying CSRF bug fixed.

#15664 (ツ) johnfound
Created 21.11.2018, read: 4567 times

A minor but annoying CSRF vulnerability has been fixed. It allowed an attack on the /!logout function through image tags, such as the one below:

 [!/!logout][Attack image]
The attack image


Of course, now it is safe.

Updating the engine and the templates is recommended.

The changed files can be seen here: https://asm32.info/fossil/repo/asmbb/info/42032b0a862fccd3. Notice how the logout link is replaced by a form and submit button, styled as an ordinary link.
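
The fix described in the post above, shown as an added JavaScript example that is not AsmBB's own code (AsmBB is written in assembly): logout stops responding to GET, so an image tag can no longer trigger it, and the link becomes a POST form with a link-styled button. The session map, the `csrf` field name and the per-session token check are assumptions that go beyond what the post states.

```javascript
// Added example, not AsmBB code. The in-memory session store, the request
// shape and the "csrf" form field are assumptions made for illustration.
const crypto = require('node:crypto');

const sessions = new Map(); // sid -> { user, csrfToken }

function login(user) {
  const sid = crypto.randomBytes(16).toString('hex');
  const csrfToken = crypto.randomBytes(16).toString('hex');
  sessions.set(sid, { user, csrfToken });
  return { sid, csrfToken };
}

// Constant-time comparison of the submitted and stored tokens.
function sameToken(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// req: { method, path, sid, body } where body is the parsed form data.
function handleLogout(req) {
  if (req.path !== '/!logout') return { status: 404 };
  // <img>, <a> and prefetchers issue GET only: never change state on GET.
  if (req.method !== 'POST') return { status: 405, headers: { Allow: 'POST' } };
  const session = sessions.get(req.sid);
  if (!session) return { status: 303, headers: { Location: '/' } }; // already logged out
  // Assumption beyond the post: also require the per-session token.
  if (!sameToken((req.body || {}).csrf, session.csrfToken)) return { status: 403 };
  sessions.delete(req.sid);
  return { status: 303, headers: { Location: '/' } };
}

// Form that replaces the plain logout link; the button is styled as a link.
function logoutForm(csrfToken) {
  const linkStyle = 'background:none;border:0;padding:0;color:inherit;' +
    'text-decoration:underline;cursor:pointer';
  return '<form method="post" action="/!logout" style="display:inline">' +
    `<input type="hidden" name="csrf" value="${csrfToken}">` + // hex, no escaping needed
    `<button type="submit" style="${linkStyle}">Logout</button></form>`;
}
```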

#15665 (ツ) ufuk
Created 21.11.2018, read: 4553 times
johnfound

A minor but annoying CSRF vulnerability has been fixed. It allowed an attack on the /!logout function through image tags, such as the one below:

 [!/!logout][Attack image]
The attack image


Of course, now it is safe.

Updating the engine and the templates is recommended.

The changed files can be seen here: https://asm32.info/fossil/repo/asmbb/info/42032b0a862fccd3. Notice how the logout link is replaced by a form and submit button, styled as an ordinary link.

Hi,

I cannot find the files below:

Modified source/accounts.asm
Modified source/ToDo.txt

#15666 (ツ) johnfound
Created 21.11.2018, read: 4550 times
