Friday, March 11, 2016

Responsible Disclosure of CSRF in PHP Fusion 9

Recently I did some testing with PHP Fusion 9 and found that I could create additional users as the admin is logged in due to the application not protecting against CSRF.  I reached out to the development team and they had it fixed within 72 hours.  Below is the original video that I sent them and then they provided one back showing they had fixed it and to test it again.

Video - Adding a user account through CSRF


Then here is the response about fixing the vulnerability in version 9.
Here is the youtube video that he posted as shown above in the screenshot:

No comments:

Post a Comment

Powershell - Gather Mapped Drives from a List of Computer Names

I created the following Powershell script to gather remotely the mapped drives that users had in their profiles.  I had to create the script...