AsmBB


Minor but annoying CSRF bug fixed.

#15664 (ツ) johnfound
Created 21.11.2018, read: 1166 times

A minor but annoying CSRF vulnerability has been fixed. It allowed an attack on the /!logout function through image tags, such as the one below:

 [!/!logout][Attack image]
The attack image

Attack image

Of course, now it is safe.

Updating the engine and the templates is recommended.

The changed files can be seen here: https://asm32.info/fossil/repo/asmbb/info/42032b0a862fccd3. Notice how the logout link is replaced by a form and submit button, styled as an ordinary link.
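
The fix described in the post above, as an added example that is not AsmBB's own code: a logout handler before and after the change, modelled in JavaScript with requests as plain objects. The session store, the `token` field and the token check are assumptions that go beyond the post, which only mentions replacing the link with a form and submit button.

```javascript
// Added example, not AsmBB source. Requests are plain objects, so it runs offline.
const { randomBytes, timingSafeEqual } = require('node:crypto');

// Hypothetical session store: session id -> { user, token }.
function newSession(sessions, user) {
  const sid = randomBytes(16).toString('hex');
  sessions.set(sid, { user, token: randomBytes(16).toString('hex') });
  return sid;
}

// Before: any request for /!logout carrying the session cookie ends the session.
// A browser loading an image whose source is /!logout sends exactly such a GET.
function logoutBefore(req, sessions) {
  if (req.path !== '/!logout') return 404;
  sessions.delete(req.cookies.sid);
  return 302;
}

// After: the state change needs a POST plus the token bound to this session.
function logoutAfter(req, sessions) {
  if (req.path !== '/!logout') return 404;
  if (req.method !== 'POST') return 405; // image loads and plain links are GETs
  const s = sessions.get(req.cookies.sid);
  if (!s) return 403;
  const sent = Buffer.from(String((req.body || {}).token || ''));
  const want = Buffer.from(s.token);
  if (sent.length !== want.length || !timingSafeEqual(sent, want)) return 403;
  sessions.delete(req.cookies.sid);
  return 302;
}

// The logout control as a form; CSS makes the button look like an ordinary link.
function logoutForm(s) {
  return '<form method="post" action="/!logout">' +
    `<input type="hidden" name="token" value="${s.token}">` +
    '<button type="submit" class="as-link">Logout</button></form>';
}

// Constructed requests: the GET an embedded image produces, then a real form submit.
function demo() {
  const sessions = new Map();
  const [a, b] = ['alice', 'bob'].map((u) => newSession(sessions, u));
  const imageGet = (sid) => ({ method: 'GET', path: '/!logout', cookies: { sid } });
  const before = { status: logoutBefore(imageGet(a), sessions), alive: sessions.has(a) };
  const after = { status: logoutAfter(imageGet(b), sessions), alive: sessions.has(b) };
  const body = { token: sessions.get(b).token };
  const post = { method: 'POST', path: '/!logout', cookies: { sid: b }, body };
  const submit = { status: logoutAfter(post, sessions), alive: sessions.has(b) };
  return { before, after, submit };
}
```

`demo()` returns the status code and whether the session survived for each of the three requests.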

#15665 (ツ) ufuk
Created 21.11.2018, read: 1152 times
johnfound

A minor but annoying CSRF vulnerability has been fixed. It allowed an attack on the /!logout function through image tags, such as the one below:

 [!/!logout][Attack image]
The attack image

Attack image

Of course, now it is safe.

Updating the engine and the templates is recommended.

The changed files can be seen here: https://asm32.info/fossil/repo/asmbb/info/42032b0a862fccd3. Notice how the logout link is replaced by a form and submit button, styled as an ordinary link.

Hi,

I cannot find the files below:

Modified source/accounts.asm
Modified source/ToDo.txt

#15666 (ツ) johnfound
Created 21.11.2018, read: 1149 times