AsmBB

Minor but annoying CSRF bug fixed.

#15664 (ツ) johnfound
Created 21.11.2018, read: 1419 times

A minor but annoying CSRF vulnerability has been fixed. It allowed an attack on the /!logout function through image tags, such as the one below:

 [!/!logout][Attack image]
The attack image

Of course, now it is safe.

Updating the engine and the templates is recommended.

The changed files can be seen here: https://asm32.info/fossil/repo/asmbb/info/42032b0a862fccd3. Notice how the logout link is replaced by a form and submit button, styled as an ordinary link.
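
The following sketch is an added example, not part of the original post and not AsmBB's code (AsmBB is written in assembly). It models the /!logout handler before and after the change described above. The in-memory session store, the function names and the per-session form token are assumptions made for illustration; the post itself only says the link was replaced by a form and submit button.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> per-session form token.
SESSIONS = {}

def login():
    """Create a session and return (session_id, form_token)."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = secrets.token_hex(16)
    return sid, SESSIONS[sid]

def logout_vulnerable(method, cookie_sid, form=None):
    """Pre-fix behaviour: any request to /!logout ends the session,
    including the GET a browser issues for an image source."""
    SESSIONS.pop(cookie_sid, None)
    return 302

def logout_hardened(method, cookie_sid, form=None):
    """Post-fix behaviour: only a form submission (POST) logs out.
    The token comparison is an assumption added for this example."""
    if method != "POST":
        return 405  # image and link fetches are GET and are refused
    expected = SESSIONS.get(cookie_sid)
    supplied = (form or {}).get("token", "")
    if expected is None or not hmac.compare_digest(
            expected.encode(), supplied.encode()):
        return 403  # POST that did not come from the forum's own form
    del SESSIONS[cookie_sid]
    return 302

def image_fetch(handler, cookie_sid):
    """What the browser does for the embedded image: a GET carrying
    the user's cookie, with no form body."""
    return handler("GET", cookie_sid)

def demo():
    sid, _ = login()
    image_fetch(logout_vulnerable, sid)
    vulnerable_logged_out = sid not in SESSIONS

    sid, token = login()
    status = image_fetch(logout_hardened, sid)
    still_logged_in = sid in SESSIONS
    button = logout_hardened("POST", sid, {"token": token})
    return vulnerable_logged_out, status, still_logged_in, button, sid in SESSIONS

if __name__ == "__main__":
    print(demo())
```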

#15665 (ツ) ufuk
Created 21.11.2018, read: 1405 times
johnfound

A minor but annoying CSRF vulnerability has been fixed. It allowed an attack on the /!logout function through image tags, such as the one below:

 [!/!logout][Attack image]
The attack image

Of course, now it is safe.

Updating the engine and the templates is recommended.

The changed files can be seen here: https://asm32.info/fossil/repo/asmbb/info/42032b0a862fccd3. Notice how the logout link is replaced by a form and submit button, styled as an ordinary link.

Hi,

I cannot find the files below:

Modified source/accounts.asm
Modified source/ToDo.txt

#15666 (ツ) johnfound
Created 21.11.2018, read: 1402 times