#1234 new
Narendra Bhati

Critical CSRF Vulnerability In 2.3.1

Reported by Narendra Bhati | November 16th, 2014 @ 10:58 AM | in User issues

CSRF Vulnerability In Exponent 2.3.1

What Is CSRF - According To OWASP

CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. With a little help of social engineering (like sending a link via email/chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the targeted end user is a normal user, a successful CSRF attack can compromise sensitive data. If the targeted end user is the administrator account, this type of attack can compromise the entire web application.

POC Video ( Private Mode) - http://youtu.be/ToSA48_37dk
Here is the CSRF Attack exploit code

Comments and changes to this ticket

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Bug Tracker for Exponent CMS

Shared Ticket Bins

People watching this ticket