$_GET should be tokenized
nesquik
Sep 30, 2015
Any user action performed using $_GET should be accompanied by a token.

For example, logging out a user can be done by anyone like this thread does because of the broken image below.

The image navigates to http://www.girlswithmuscle.com/?logout=1; however, if you had a random token along with it, that would block someone from performing actions as another user. For example, http://www.girlswithmuscle.com/?logout=93ckd24 would prevent me from guessing the token.

Logging out a user is harmless, but other actions could pose a risk to the user.
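An added example, not code from this thread or from the site, of the per-session token check nesquik describes, written in Python rather than the site's PHP. The function names and the dict-based session are hypothetical; the only value taken from the thread is the site URL.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Site URL from the thread; the handler around it is hypothetical example code.
BASE_URL = "http://www.girlswithmuscle.com/"


def issue_token(session: dict) -> str:
    """Create (or reuse) an unguessable token stored server-side in the session."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def build_logout_url(session: dict) -> str:
    """The page renders its own logout link with the session's token as the value."""
    return BASE_URL + "?" + urlencode({"logout": issue_token(session)})


def handle_logout(session: dict, request_url: str) -> bool:
    """Handle ?logout=<token>: log the user out only if the token matches the session.

    A hotlinked image or a link on another site cannot know the token, so a
    request like ?logout=1 is refused instead of ending the victim's session.
    """
    query = parse_qs(urlsplit(request_url).query)
    supplied = query.get("logout", [""])[0]
    expected = session.get("csrf_token")
    if not expected:
        return False  # nobody is logged in, nothing to do
    # Constant-time comparison so the token cannot be guessed byte by byte.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False  # forged or guessed value, e.g. ?logout=1
    session.clear()  # genuine request from the site's own link: end the session
    return True
```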
Chainer
Oct 06, 2015
Thanks. You are right, that is how it should be done.
I'm going to edit the image out of your post so that it does not affect more users.
Chainer
Oct 10, 2015
The logout is fixed now. Please let me know if you find other similar things lying around.