A minor, but annoying CSRF vulnerability has been fixed. It allowed an attack on /!logout function through image tags. Such as below:
[!/!logout][Attack image]
The attack image
Of course, now it is safe.
Updating the engine and the templates is recommended.
The changed files can be seen here: https://asm32.info/fossil/repo/asmbb/info/42032b0a862fccd3. Notice how the logout link is replaced by a form and submit button, styled as an ordinary link.
johnfound A minor, but annoying CSRF vulnerability has been fixed. It allowed an attack on /!logout function through image tags. Such as below:
[!/!logout][Attack image]The attack image
Of course, now it is safe.
Updating the engine and the templates is recommended.
The changed files can be seen here: https://asm32.info/fossil/repo/asmbb/info/42032b0a862fccd3. Notice how the logout link is replaced by a form and submit button, styled as an ordinary link.
hi,
i can not find below files
Modified source/accounts.asm Modified source/ToDo.txt
ufuk hi,
i can not find below files
Modified source/accounts.asm Modified source/ToDo.txt
These files are part of the source code. The binary package that is needed for the installation does not contain the source code.
But you will need these files only if you want to compile AsmBB from sources. If this is the case, the procedure is described in the following posts: Instructions for assembling asmbb without using FreshIde or AsmBB how to download, compile and install.