Open zxc7528064 opened 4 years ago
Hi ~ Thank you for taking this security issue seriously.
Thanks. It will probably be fixed, but I don't know when. Need to wait for @klocus. Cheers.
@michu2k Thank you. Can I use the security issue to apply for a CVE number?
@zxc7528064 Unfortunately, I'm not the author of Batflat, so I don't think I can answer your question.
@michu2k OK! I will wait for the author to answer it. Thank you. Best regards
@michu2k, if you fix the security problem, please tell me.
Do you have any update?
Hi ~ I found a CSRF vulnerability!

Version: v.1.3.6
Author: Noth

Step 1: Go to /admin
Step 2: Use burpsuite to intercept packets
Step 3: Generate PoC

Test Video: https://drive.google.com/file/d/1UBKqyOZL1pxA8_fiCBdMuS6D2bTxXsOa/view?usp=sharing
No csrf_token, so one can log in to the system.