Critical CSRF Vulnerability
Reported by Narendra Bhati | November 6th, 2014 @ 07:09 PM | in 2.3.7 (closed)
I reported a CSRF vulnerability here:
http://exponentcms.lighthouseapp.com/projects/61783/tickets/1179-0-...
But your team was not able to understand the vulnerability and its impact, so I am reporting this issue to you again.
Here you will get all the details - https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
By using CSRF an attacker can remotely trick a logged-in administrator into changing his site title bar name, creating a new page, or creating a post with an XSS payload.
Kindly see the PoC video.
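The attack pattern the report describes (a logged-in admin's browser is made to submit a state-changing form, and the server accepts it on the strength of the session cookie alone) and the standard fix, shown as an added illustration. This is not Exponent CMS code and not the reporter's PoC; the admin action, the form field names, the endpoint path in the forged page and the session layout are all assumed for the example.

```python
"""Synchronizer-token CSRF defence, demonstrated against a hypothetical
'change site title' admin action.  Added illustration; not Exponent CMS
code.  Endpoint, field names and session layout are assumptions."""
import hmac
import secrets

# Constructed server-side state standing in for the CMS session store
# and the site configuration the admin action mutates.
SESSION = {"user": "admin", "csrf_token": None}
SITE = {"title": "My Site"}

# Constructed attacker page (hypothetical endpoint path).  It auto-submits
# as soon as the logged-in admin loads it; the browser attaches the
# victim's session cookie, which is all the vulnerable handler checks.
FORGED_PAGE = """<form id="f" method="POST" action="https://victim.example/admin/site-settings">
  <input type="hidden" name="title" value="pwned">
</form>
<script>document.getElementById("f").submit();</script>"""


def issue_csrf_token(session):
    """Mint a per-session random token to embed in the real admin form.
    The attacker's page cannot read it: same-origin policy keeps the
    admin page's HTML out of reach of the attacker's origin."""
    if session["csrf_token"] is None:
        session["csrf_token"] = secrets.token_hex(32)
    return session["csrf_token"]


def change_title_vulnerable(session, form):
    """The flawed pattern the ticket describes: only the session is checked,
    so any site that can make the admin's browser POST here wins."""
    if session.get("user") != "admin":
        return False, "not logged in"
    SITE["title"] = form["title"]
    return True, "title updated"


def change_title_hardened(session, form):
    """Same action with a synchronizer token: the token must be present,
    bound to this session, and compared in constant time."""
    if session.get("user") != "admin":
        return False, "not logged in"
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected, supplied):
        return False, "csrf token missing or invalid"
    SITE["title"] = form["title"]
    return True, "title updated"


def forged_post():
    """The POST body FORGED_PAGE produces.  No token: the attacker never saw one."""
    return {"title": "pwned"}


def demo():
    """Run the forged request through both handlers, then a legitimate one."""
    SITE["title"] = "My Site"
    token = issue_csrf_token(SESSION)

    ok_vuln, _ = change_title_vulnerable(SESSION, forged_post())
    title_after_vuln = SITE["title"]

    SITE["title"] = "My Site"
    ok_hard, _ = change_title_hardened(SESSION, forged_post())
    title_after_hard = SITE["title"]

    # Submission from the genuine admin form carries the session's token.
    ok_legit, _ = change_title_hardened(
        SESSION, {"title": "Renamed", "csrf_token": token})
    return {
        "vulnerable_forged_accepted": ok_vuln,      # True
        "title_after_vulnerable": title_after_vuln,  # "pwned"
        "hardened_forged_accepted": ok_hard,        # False
        "title_after_hardened": title_after_hard,    # "My Site"
        "hardened_legit_accepted": ok_legit,        # True
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The same check applies to every state-changing admin action (page creation, post creation), which is why the report lists several outcomes from one root cause; a framework-level token check on all POST handlers closes them together, and modern deployments add a `SameSite` cookie attribute as a second layer.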
Comments and changes to this ticket
-
Narendra Bhati November 14th, 2014 @ 03:17 PM
- Assigned user set to expNinja
I am talking about CSRF, not XSS!
-
Narendra Bhati November 14th, 2014 @ 03:18 PM
I will find the same issue "CSRF" in your new CMS version, which is 2.3.1, and report it to you in a new ticket.