engaging-computing / phpSENSE

An educational data analytics platform.
http://isenseproject.org

/actions has sqli, csrf #511

Open ghost opened 11 years ago

ghost commented 11 years ago

Previous title was "/actions is full of holes"; previous previous title was "/actions is visible again". Having been informed that it's supposed to be visible for ajax-y things, the issue is then the flurry of sqli here.

Things like this (upload.php):

```php
<?php
// The session cookie is attacker-controlled input; it is passed straight
// into the token lookup without validation or escaping.
$session_key = $_COOKIE['isense_login'];
$uid = getUserIdFromSessionToken($session_key);
```

Also, see:

http://isensedev.cs.uml.edu/actions/users.php?action=admin&id=625

The point of the above link is to demonstrate a csrf attack: an attacker can gain admin rights with a link similar to that, and if a logged-in admin visits it, the action takes place. Why that's important: take a look at the source of http://www.cs.uml.edu/~mmcginty/csrf.html for the why. I should note that I just confirmed that the above works as expected when visited by an admin user.
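The two problems the issue raises, the cookie-driven SQL injection in upload.php and the token-less GET admin action in users.php, as an added example that is not phpSENSE code and not part of the original comment. The `sessions` table, its columns, the `_vulnerable`/`_safe` function names and the `csrf_token` field are assumptions for illustration; an in-memory SQLite database stands in for the real one so the script runs stand-alone with `php example.php`.

```php
<?php
// Added example (not phpSENSE code). Table and column names are assumptions.

// In-memory SQLite stands in for the project's database so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sessions (token TEXT PRIMARY KEY, user_id INTEGER)');
$db->exec("INSERT INTO sessions VALUES ('good-token', 42)");

// VULNERABLE: the cookie value is spliced into the SQL text unescaped,
// which is the pattern the issue describes for getUserIdFromSessionToken.
function getUserIdFromSessionToken_vulnerable(PDO $db, string $token) {
    $row = $db->query("SELECT user_id FROM sessions WHERE token = '$token'")->fetch();
    return $row ? (int)$row['user_id'] : null;
}

// HARDENED: a bound parameter keeps the cookie value out of the query text,
// so it can only ever be compared as a literal string.
function getUserIdFromSessionToken_safe(PDO $db, string $token) {
    $stmt = $db->prepare('SELECT user_id FROM sessions WHERE token = ?');
    $stmt->execute([$token]);
    $row = $stmt->fetch();
    return $row ? (int)$row['user_id'] : null;
}

// Constructed cookie value: matches no real token, but the injected clause
// makes the vulnerable lookup return user 42 anyway.
$forged = "x' OR user_id = 42 -- ";
var_dump(getUserIdFromSessionToken_vulnerable($db, $forged));
var_dump(getUserIdFromSessionToken_safe($db, $forged));

// CSRF: a GET link like users.php?action=admin&id=625 carries no proof that
// the admin intended the request. Tie state-changing actions to a per-session
// secret that a third-party page cannot read, and only accept it on POST.
function issueCsrfToken(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function csrfRequestIsValid(array $session, string $method, array $post): bool {
    if ($method !== 'POST' || empty($session['csrf_token']) || empty($post['csrf_token'])) {
        return false;
    }
    // Constant-time comparison so the token cannot be guessed byte by byte.
    return hash_equals($session['csrf_token'], $post['csrf_token']);
}

$session = [];
$token = issueCsrfToken($session);
// The cross-site link from the issue: a GET with no token.
var_dump(csrfRequestIsValid($session, 'GET', ['action' => 'admin', 'id' => 625]));
// A form rendered by the site itself, carrying the session's token.
var_dump(csrfRequestIsValid($session, 'POST', ['action' => 'admin', 'id' => 625, 'csrf_token' => $token]));
```

Run as written, the vulnerable lookup resolves the forged cookie to user 42 while the prepared statement returns null, and the token-less GET is rejected while the same action submitted by the site's own form with the session token is accepted. In the real application the session array would be `$_SESSION`, the token would be emitted as a hidden field in every admin form, and the `action=admin` handler would refuse anything that fails `csrfRequestIsValid` before touching the database.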