Open honcbb opened 7 years ago
Version:1.6
I found that in your version 1.6 the change-password page did not produce a related token, resulting in a CSRF vulnerability.
Affected Files:
setpass.php
PoC Payload Test Video:
https://drive.google.com/file/d/0ByrwRfdtgouyUDdKZzBfbE01TG8/view?usp=sharing
Patch Results:
https://drive.google.com/file/d/0ByrwRfdtgouydmlYWnpabm14WHM/view?usp=sharing
This is my personal patch file; you can test it:
Patch Results.zip
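The report above says setpass.php accepts a password change without a request-specific token. The following is an added example of the usual server-side fix, written here for illustration; it is not the reporter's patch and not the project's own code. It assumes PHP sessions are in use, and the helper names, the `csrf_token` field name and the form fields are assumptions. The token is generated from a CSPRNG once per session, embedded as a hidden field when the form is rendered, and checked with a constant-time comparison before any password-change logic runs.

```php
<?php
// Added example (not the project's own code): session-bound CSRF token for a
// password-change form such as setpass.php. Helper names and the field name
// "csrf_token" are assumptions.
declare(strict_types=1);

function ensure_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Returns the session's CSRF token, creating it from a CSPRNG on first use.
function csrf_token(): string
{
    ensure_session();
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 64 hex chars
    }
    return $_SESSION['csrf_token'];
}

// Validates a submitted token against the session token. Fails closed when no
// session token exists or nothing was submitted; hash_equals() avoids leaking
// the token through comparison timing.
function csrf_validate(?string $submitted): bool
{
    ensure_session();
    $expected = $_SESSION['csrf_token'] ?? '';
    if ($expected === '' || $submitted === null || $submitted === '') {
        return false;
    }
    return hash_equals($expected, $submitted);
}

// Form rendering: the token travels as a hidden field, so a cross-site page
// that posts to setpass.php cannot supply a value it has never seen.
function render_setpass_form(): string
{
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return <<<HTML
<form method="post" action="setpass.php">
  <input type="hidden" name="csrf_token" value="{$token}">
  <input type="password" name="old_password">
  <input type="password" name="new_password">
  <button type="submit">Change password</button>
</form>
HTML;
}

// Request handling: reject the request before touching the password.
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    if (!csrf_validate($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    // ... existing password-change logic (which should also verify
    //     old_password) goes here ...
} else {
    echo render_setpass_form();
}
```

Two details matter when applying this pattern: the check must run before any state change, not after, and the token must be compared with `hash_equals()` rather than `==`. Requiring the current password on the same form is a separate, complementary control.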