Critical CSRF Vulnerability In 2.3.1
Reported by Narendra Bhati | November 16th, 2014 @ 10:58 AM | in User issues
CSRF Vulnerability In Exponent 2.3.1
What Is CSRF - According To OWASP
CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. With a little help of social engineering (like sending a link via email/chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the targeted end user is a normal user, a successful CSRF attack can compromise sensitive data. If the targeted end user is the administrator account, this type of attack can compromise the entire web application.
POC Video (Private Mode) - http://youtu.be/ToSA48_37dk
Here is the CSRF Attack exploit code
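The exploit code the reporter refers to is not reproduced on this page. As an added illustration from the defender's side (this is example code written for this page, not the reporter's proof of concept and not Exponent CMS code), the following shows the standard mitigation for the class of issue described in the OWASP text above: a per-session synchronizer token that every state-changing request must carry, checked server-side with a constant-time comparison, plus an Origin-header check. The session store, secret, form action and request dictionaries are all constructed for the example.

```python
import hmac
import secrets

# Constructed in-memory session store for the example (assumption: a real CMS
# would back this with its own session handling).
SESSIONS = {}  # session_id -> {"user": str, "csrf_token": str}
SITE_ORIGIN = "https://cms.example"  # constructed origin of the protected site


def start_session(user):
    """Create a session and bind a fresh, unpredictable CSRF token to it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def render_form(sid):
    """Embed the session's token in a hidden field; an attacker's page cannot
    read this value, so a forged form cannot reproduce it."""
    token = SESSIONS[sid]["csrf_token"]
    return (
        '<form method="POST" action="/admin/user/update">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input type="text" name="email"></form>'
    )


def handle_post(cookies, form, headers):
    """Decide whether a state-changing POST may proceed.

    Returns (status, reason). The browser attaches the session cookie to any
    request, including one triggered by a hostile page, so the cookie alone
    proves nothing; the token and the Origin header are what distinguish a
    genuine submission from a forged one.
    """
    session = SESSIONS.get(cookies.get("session"))
    if session is None:
        return 401, "no authenticated session"

    submitted = form.get("csrf_token", "")
    expected = session["csrf_token"]
    # compare_digest on bytes avoids timing leaks and rejects non-ASCII input.
    if not hmac.compare_digest(submitted.encode(), expected.encode()):
        return 403, "csrf token missing or invalid"

    # Browsers send Origin on cross-site POSTs; reject anything not ours.
    origin = headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403, "cross-origin request rejected"

    return 200, "ok"


def demo():
    """Constructed requests: one genuine, one forged from another site."""
    sid = start_session("admin")
    token = SESSIONS[sid]["csrf_token"]
    cookies = {"session": sid}  # sent by the browser in both cases

    genuine = handle_post(
        cookies,
        {"csrf_token": token, "email": "admin@cms.example"},
        {"Origin": SITE_ORIGIN},
    )
    # A hostile page can auto-submit a form carrying the victim's cookie, but it
    # does not know the token and its Origin differs from the site's.
    forged = handle_post(
        cookies,
        {"email": "attacker@evil.example"},
        {"Origin": "https://evil.example"},
    )
    return {"genuine": genuine, "forged": forged}


if __name__ == "__main__":
    print(demo())
```

The Origin check is defence in depth: older clients may omit the header, which is why the token check comes first and is the check that must never be skipped.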
Comments and changes to this ticket
Narendra Bhati December 20th, 2014 @ 02:03 PM
- Assigned user set to expNinja
So what are you going to do next about this issue?
Bug Tracker for Exponent CMS