howest-wsde / VrijwilligersTool

Roeselare vrijwilligt

Password recovery form exploit #429

Closed SnelleJelle closed 7 years ago

SnelleJelle commented 7 years ago

@Route("/paswoord/recover/", name="request_recover")

Can be exploited to retrieve all registered email addresses by brute forcing. Low impact, but very easy to exploit.
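An added example, not code from the VrijwilligersTool project (which is Symfony/PHP; this is a language-neutral Python sketch with constructed addresses): the response-shape fix for the enumeration weakness described in this comment, with the leaky recovery handler beside a uniform one and a check that confirms the two responses are indistinguishable.

```python
import secrets
from dataclasses import dataclass, field

# Constructed sample of registered accounts; not real data.
REGISTERED = {"alice@example.org", "bob@example.org"}

# One message for every outcome, so the body itself reveals nothing.
GENERIC_MESSAGE = "If an account exists for that address, a recovery link has been sent."


@dataclass
class Outbox:
    """Stand-in for the mailer: records what would have been sent."""
    sent: list = field(default_factory=list)


def recover_leaky(email, registered=REGISTERED):
    """Before: status and body differ for known and unknown addresses,
    so anyone submitting a list of addresses learns which are registered."""
    if email not in registered:
        return 404, "No account with that e-mail address."
    return 200, "Recovery link sent."


def recover_uniform(email, outbox, registered=REGISTERED):
    """After: the same status and body regardless of whether the address
    exists. The mail is sent only for real accounts, but the response is
    identical either way, so the enumeration signal disappears."""
    if email in registered:
        token = secrets.token_urlsafe(32)  # single-use recovery token
        outbox.sent.append((email, token))
    # In production also hand the send-off to a queue so the response
    # time does not differ, and rate-limit the endpoint per IP/address.
    return 200, GENERIC_MESSAGE


def responses_indistinguishable(handler, known, unknown):
    """Assurance check for a recovery handler: it is enumeration-safe only
    if a registered and an unregistered address produce identical responses."""
    return handler(known) == handler(unknown)


if __name__ == "__main__":
    print(responses_indistinguishable(recover_leaky, "alice@example.org", "nobody@example.org"))
    print(responses_indistinguishable(lambda e: recover_uniform(e, Outbox()),
                                      "alice@example.org", "nobody@example.org"))
```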

SnelleJelle commented 7 years ago

Never mind, there is a CSRF token in it.