Responsible Disclosure of CSRF in PHP Fusion 9

Recently I did some testing with PHP Fusion 9 and found that I could create additional users as the admin is logged in due to the application not protecting against CSRF.  I reached out to the development team and they had it fixed within 72 hours.  Below is the original video that I sent them and then they provided one back showing they had fixed it and to test it again.

Video - Adding a user account through CSRF

video



Then here is the response about fixing the vulnerability in version 9.
Here is the youtube video that he posted as shown above in the screenshot:  https://www.youtube.com/watch?v=5eLfA_ZEujQ&feature=youtu.be



Comments

Popular posts from this blog

Netflix Streaming Blocked by Sophos UTM

BSides 2016 Hackers Challenge

Python - Vega Conflict Script to Maximize Fleet Sizes based on Fleet Mass

VBA - Script to Download a file from a URL

IoT Malware Analysis - CnC Server - Part 3