sruupl / batflat

Lightweight, fast and easy CMS for free. Bootstrap ready. https://batflat.org
MIT License
134 stars 54 forks

CSRF Vulnerability v1.3.6 #84

Open zxc7528064 opened 4 years ago

zxc7528064 commented 4 years ago

Hi ~ I found a CSRF vulnerability!
Version: v1.3.6
Author: Noth
Step 1: go to /admin
Step 2: Use Burp Suite to intercept packets
Step 3: Generate PoC 8
Test Video: https://drive.google.com/file/d/1UBKqyOZL1pxA8_fiCBdMuS6D2bTxXsOa/view?usp=sharing
No csrf_token, so one can log in to the system.
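For reference, the control the report above says is missing is a per-session CSRF token on the /admin login form. The following is an added example of that control, not Batflat's own code; the form field names and the authentication step are assumptions.

```php
<?php
// Added example, not Batflat's code: synchronizer-token protection for the
// /admin login form, plus a SameSite session cookie as defence in depth.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
session_start();

// One token per session, created on first use so open tabs keep working.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Reject the request unless the submitted token matches, using a
// constant-time comparison so the check leaks no timing information.
function csrf_check($submitted): bool
{
    if (empty($_SESSION['csrf_token']) || !is_string($submitted)) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_check($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    // Hypothetical: verify $_POST['username'] / $_POST['password'] here.
    // After a successful login, rotate the session id and drop the old token
    // so a token issued before authentication cannot be reused.
    session_regenerate_id(true);
    unset($_SESSION['csrf_token']);
}
?>
<form method="post" action="/admin">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <input name="username">
  <input type="password" name="password">
  <button type="submit">Log in</button>
</form>
```

A cross-site form post carries no token (the attacker's page cannot read the victim's session), so it fails the check with 403 instead of logging the victim in.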

zxc7528064 commented 4 years ago

Hi ~ Thank you for taking this security issue seriously.

michu2k commented 4 years ago

Thanks. It will probably be fixed, but I don't know when. Need to wait for @klocus. Cheers.

zxc7528064 commented 4 years ago

@michu2k Thank you. Can I use this security issue to apply for a CVE number?

michu2k commented 4 years ago

@zxc7528064 Unfortunately, I'm not the author of Batflat, so I don't think I can answer your question.

zxc7528064 commented 4 years ago

@michu2k Ok! I will wait for the author to answer it. Thank you. Best regards

zxc7528064 commented 4 years ago

@michu2k, if you fix the security problem, please tell me.

zxc7528064 commented 4 years ago

Do you have any update?