Bug CSRF within hashtag

Status
Not open for further replies.

Revoltek

New member
Just got the report from one of our users...

I looked at the changelog but there wasn't any comment about a CSRF fix, so

usertag.php?do=togglesubscription&hash=404 hashtagged you ;>

-------->

/usertag.php?do=profile&action=hashsubscription

The link could probably be posted as a picture,

for example
PHP:
 [img]http://www.dragonbyte-tech.com/usertag.php?do=togglesubscription&hash=404 hashtagged you ;>[/img]
 
Update: In the next version, I will add the "Security Token" functionality to that page :)


For the future, please be aware that failure to provide a valid URL will result in us being unable to offer you support. This is an exceptional case, as it's an issue that potentially affects all users.
 
For the future, please be aware that failure to provide a valid URL will result in us being unable to offer you support..

That was not a real support request, just a vuln report ... because it is also working here, I was sure that I did not need to add a URL :D
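
The "Security Token" fix mentioned in the update above, sketched as an added example that is not part of the thread and is not DragonByte's or vBulletin's code: the toggle is accepted only as a POST carrying a per-session token, so a GET issued by an [img] tag is refused. The function names, the `securitytoken` field name and all sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added illustration with hypothetical names; not vBulletin or DragonByte code.

// Per-session token: HMAC of the session id under a server-side secret.
function csrf_token(string $sessionId, string $secret): string
{
    return hash_hmac('sha256', $sessionId, $secret);
}

// Returns the HTTP status the handler would send; $subs is the user's
// set of subscribed hashtags and is changed only on success.
function toggle_subscription(string $method, array $params, string $sessionId,
                             string $secret, array &$subs): int
{
    // State changes must not ride on GET: image fetches are always GET.
    if ($method !== 'POST') {
        return 405;
    }
    $sent = $params['securitytoken'] ?? '';
    // Constant-time comparison; another site cannot read the user's token.
    if (!is_string($sent) || !hash_equals(csrf_token($sessionId, $secret), $sent)) {
        return 403;
    }
    $hash = $params['hash'] ?? '';
    if (!is_string($hash) || $hash === '') {
        return 400;
    }
    if (isset($subs[$hash])) {
        unset($subs[$hash]);
    } else {
        $subs[$hash] = true;
    }
    return 200;
}

// Constructed sample values.
$secret = 'constructed-server-secret';
$sid    = 'constructed-session-id';
$subs   = [];
$cases  = [
    'GET as sent by an [img] fetch' => ['GET',  ['hash' => 'sample']],
    'POST with a wrong token'       => ['POST', ['hash' => 'sample', 'securitytoken' => 'guess']],
    'POST from the real form'       => ['POST', ['hash' => 'sample', 'securitytoken' => csrf_token($sid, $secret)]],
];
foreach ($cases as $label => [$method, $params]) {
    $status = toggle_subscription($method, $params, $sid, $secret, $subs);
    printf("%-30s status=%d subscribed=%s\n", $label, $status, isset($subs['sample']) ? 'yes' : 'no');
}
```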
 

Legacy Advanced User Tagging

vBulletin 3.8.x vBulletin 4.x.x
Seller
DragonByte Technologies