anbuashokcs / jforum2

Automatically exported from code.google.com/p/jforum2

jforum csrf vulnerability fix #47

GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Hello, we have seen a CSRF vulnerability on JForum.

There is a fix here:
https://github.com/boyarsky/jforumCsrf

But I could not find how to compile and run the fixer.
Here is the ZerodayLab specification:
http://www.zerodaylab.com/zdl-advisories/2012-5337.html

Original issue reported on code.google.com by kadir.ba...@gmail.com on 27 Oct 2013 at 4:44

GoogleCodeExporter commented 9 years ago
Please check or fix it.

Original comment by andow...@gmail.com on 29 Oct 2013 at 3:03

GoogleCodeExporter commented 9 years ago
A writeup of how this fix came about can be found at 
http://www.selikoff.net/2013/02/09/fixing-csrf-for-jforum/

Original comment by ulf.dittmer on 6 Nov 2013 at 10:17

GoogleCodeExporter commented 9 years ago
I've done some fix for CSRF in r382. Try it.

Original comment by andow...@gmail.com on 24 Jan 2015 at 5:16