AsmBB


Minor but annoying CSRF bug fixed.

#15664 (ツ) johnfound
Created 21.11.2018, read: 2124 times

A minor but annoying CSRF vulnerability has been fixed. It allowed an attack on the /!logout function through image tags, such as the one below:

 [!/!logout][Attack image]
The attack image

Of course, now it is safe.

Updating the engine and the templates is recommended.

The changed files can be seen here: https://asm32.info/fossil/repo/asmbb/info/42032b0a862fccd3. Notice how the logout link is replaced by a form and submit button, styled as an ordinary link.
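
The change described above, modelled as an added example that is not part of the original post or of AsmBB's code. Only the /!logout route name comes from the post; the session store, handler names and sample markup are hypothetical.

```javascript
// Added example: logout route before and after the change (hypothetical model).
const sessions = new Map(); // session id -> user name

// Before: any request for /!logout ends the session, including the GET a
// browser sends on its own while rendering an <img> tag.
function logoutOnAnyMethod(req) {
  if (req.path !== '/!logout') return { status: 404 };
  sessions.delete(req.sid);
  return { status: 302 };
}

// After: only a submitted form (POST) may end the session.
function logoutOnPostOnly(req) {
  if (req.path !== '/!logout') return { status: 404 };
  if (req.method !== 'POST') return { status: 405, allow: 'POST' };
  sessions.delete(req.sid);
  return { status: 302 };
}

// Logout control as a form whose submit button is styled like a link.
const LOGOUT_FORM =
  '<form method="post" action="/!logout">' +
  '<button type="submit" class="link">Logout</button></form>';

// Requests a browser issues by itself while rendering a page: one GET per
// <img src>, carrying the viewer's session id.
function automaticFetches(html, sid) {
  const out = [];
  for (const m of html.matchAll(/<img\b[^>]*\bsrc="([^"]*)"/gi)) {
    out.push({ method: 'GET', path: m[1], sid });
  }
  return out;
}

// Request produced when the user clicks the form's submit button.
function formSubmit(html, sid) {
  const m = /<form\b[^>]*\bmethod="([^"]*)"[^>]*\baction="([^"]*)"/i.exec(html);
  return { method: m[1].toUpperCase(), path: m[2], sid };
}

// Log a user in, let them view a post, report whether they stay logged in.
function staysLoggedIn(handler, postHtml) {
  sessions.set('sid-1', 'alice'); // constructed session
  for (const req of automaticFetches(postHtml, 'sid-1')) handler(req);
  return sessions.has('sid-1');
}

// Constructed forum post containing the image from the report.
const POST_HTML = '<p>Hello</p><img src="/!logout" alt="Attack image">';
```

The method check covers requests the browser issues on its own for images; a per-session token in the form or SameSite cookies is the usual complement for form submissions coming from other sites.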

#15665 (ツ) ufuk
Created 21.11.2018, read: 2110 times
johnfound

A minor but annoying CSRF vulnerability has been fixed. It allowed an attack on the /!logout function through image tags, such as the one below:

 [!/!logout][Attack image]
The attack image

Of course, now it is safe.

Updating the engine and the templates is recommended.

The changed files can be seen here: https://asm32.info/fossil/repo/asmbb/info/42032b0a862fccd3. Notice how the logout link is replaced by a form and submit button, styled as an ordinary link.

Hi,

I cannot find the files below:

Modified source/accounts.asm
Modified source/ToDo.txt

#15666 (ツ) johnfound
Created 21.11.2018, read: 2107 times


AsmBB v2.9 (check-in: 072c21edcbadbc51); SQLite v3.31.1 (check-in: 3bfa9cc97da10598);
©2016..2020 John Found; Licensed under EUPL. Powered by Assembly language Created with Fresh IDE