
$_GET should be tokenized

nesquik
Sep 30, 2015 - permalink
Any user action performed using $_GET should be accompanied by a token.

For example, logging out a user can be done by anyone, like this thread does, because of the broken image below.

The image navigates to http://www.girlswithmuscle.com/?logout=1; however, if you had a random token along with it, that would block someone from performing actions as another user. For example, http://www.girlswithmuscle.com/?logout=93ckd24 would prevent me from guessing the token.

Logging out a user is harmless, but other actions could pose a risk to the user.

Chainer
Oct 06, 2015 - permalink
Thanks. You are right, that is how it should be done.

I'm going to edit the image out of your post so that it does not affect more users.

Chainer
Oct 10, 2015 - permalink
The logout is fixed now. Please let me know if you find other similar things lying around.
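
The per-user token suggested in the first post, sketched in PHP as an added example; it is not part of the thread and not the site's actual fix. The function names and the `csrf_token` session key are hypothetical, and PHP 7 or later is assumed for `random_bytes`.

```php
<?php
declare(strict_types=1);
// Added illustration, not the forum's code. Function names and the
// 'csrf_token' session key are hypothetical.

session_start();

/** Return the per-session token, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        // 32 bytes from the CSPRNG: unguessable, unlike a short fixed value.
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** True only if the supplied value matches this session's token. */
function csrf_valid($supplied): bool
{
    // Reject missing tokens and array input such as ?logout[]=x.
    if (!is_string($supplied) || empty($_SESSION['csrf_token'])) {
        return false;
    }
    // hash_equals compares in constant time.
    return hash_equals($_SESSION['csrf_token'], $supplied);
}

if (isset($_GET['logout'])) {
    if (!csrf_valid($_GET['logout'])) {
        // A request triggered by an embedded image (?logout=1) lands here:
        // the other site cannot know this session's token.
        http_response_code(403);
        exit('Invalid or missing token');
    }
    // Token matched: end the session.
    $_SESSION = [];
    session_destroy();
    header('Location: /');
    exit;
}

// When rendering the page, the link carries the current user's own token.
$logoutUrl = '/?logout=' . rawurlencode(csrf_token());
echo '<a href="' . htmlspecialchars($logoutUrl, ENT_QUOTES) . '">Log out</a>';
```

A token in the query string can still end up in browser history, server logs and Referer headers, so state-changing actions are better sent as POST with the token in the request body.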