Bug #1834
CSRF in Admin CP Join Requests
| Status: | Closed | Start date: | 12/08/2011 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | Tom Moore | % Done: | 100% |
|
| Category: | Admin Control Panel | |||
| Target version: | 1.6.7 | |||
| Reproducibility: | Always | Database Type: | ||
| Reported In MyBB Version: | 1.6.5 | Database Version: | ||
| PHP Version: | SQA assignments: | Jitendra Maharaj | ||
| Browser: |
Description
This is quite low risk as the request id either needs to be:
-Guessed
-Bruteforced
Either way it's exploitable. Especially for forums with a low member count as the chances of them guessing the id are a lot higher than larger forums.
<img src="http://forum.com/admin/index.php?module=user-groups&action=approve_join_request&rid={id}" />
[img]http://forum.com/admin/index.php?module=user-groups&action=approve_join_request&rid={id}[/img]
<img src="http://forum.com/admin/index.php?module=user-groups&action=deny_join_request&rid={id}" />
[img]http://forum.com/admin/index.php?module=user-groups&action=deny_join_request&rid={id}[/img]
Simply needs a check for a post code.
Associated revisions
Fixes CSRF in Admin CP Join Requests (fixes #1834)
History
#1 Updated by Tom Moore 6 months ago
- Category set to Admin Control Panel
- Status changed from New to Assigned
- Assignee set to Tom Moore
- Target version set to 1.6.6
#2 Updated by Tom Moore 6 months ago
- Status changed from Assigned to Resolved
- % Done changed from 0 to 100
Applied in changeset r5712.
#3 Updated by Jitendra Maharaj 5 months ago
- Status changed from Resolved to Closed
- SQA assignments set to Jitendra Maharaj