Recently I did some testing with PHP Fusion 9 and found that I could create additional users while the admin is logged in, due to the application not protecting against CSRF. I reached out to the development team and they had it fixed within 72 hours. Below is the original video that I sent them; they then provided one back showing they had fixed it and asking me to test it again.
Video - Adding a user account through CSRF
Then here is the response about fixing the vulnerability in version 9.
Here is the YouTube video that he posted, as shown above in the screenshot: https://www.youtube.com/watch?v=5eLfA_ZEujQ&feature=youtu.be