jforum csrf vulnerability fix

Bug fixes and enhancements for JForum 2.x

Brought to you by: andowson, udittmer

#47 jforum csrf vulnerability fix

Status: Fixed

Owner: nobody

Labels: None

Priority: Medium

Component:

Type: Defect

OpSys:

Updated: 2015-01-23

Created: 2013-10-27

Creator: Anonymous

Private: No

Originally created by: kadir.ba... (code.google.com)@gmail.com
Originally owned by: andow... (code.google.com)@gmail.com

hello , we have seen csrf vulnerability on jforum.

There is as fix here:
https://github.com/boyarsky/jforumCsrf

But i could not found how to compile and run fixer
Here is ZerodayLab specification:
http://www.zerodaylab.com/zdl-advisories/2012-5337.html

Related

Wiki: NewFeatures240

Discussion

Comment has been marked as spam.
Undo

View and moderate all "tickets Discussion" comments posted by this user

Mark all as spam, and block user from posting to "Tickets"

Anonymous - 2013-10-28

Originally posted by: andow... (code.google.com)@gmail.com

Please check or fix it

Owner: ulf.dittmer

*Originally posted by:* [andow...@gmail.com](http://code.google.com/u/113462498930882494708/) Please check or fix it **Owner:** ulf.dittmer

Add attachments
Cancel
You seem to have CSS turned off. Please don't fill out this field.

You seem to have CSS turned off. Please don't fill out this field.

New Attachment:

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Comment has been marked as spam.
Undo

View and moderate all "tickets Discussion" comments posted by this user

Mark all as spam, and block user from posting to "Tickets"

Anonymous - 2013-11-06

Originally posted by: ulf.dittmer (code.google.com)

A writeup of how this fix came about can be found at http://www.selikoff.net/2013/02/09/fixing-csrf-for-jforum/

*Originally posted by:* [ulf.dittmer](http://code.google.com/u/ulf.dittmer/) A writeup of how this fix came about can be found at [http://www.selikoff.net/2013/02/09/fixing-csrf-for-jforum/](http://www.selikoff.net/2013/02/09/fixing-csrf-for-jforum/)

Add attachments
Cancel
You seem to have CSS turned off. Please don't fill out this field.

You seem to have CSS turned off. Please don't fill out this field.

New Attachment:

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Comment has been marked as spam.
Undo

View and moderate all "tickets Discussion" comments posted by this user

Mark all as spam, and block user from posting to "Tickets"

Anonymous - 2015-01-23

Originally posted by: andow... (code.google.com)@gmail.com

I've done some fix for CSRF in [r382]. Try it.

Owner: andow...@gmail.com
Status: Fixed

*Originally posted by:* [andow...@gmail.com](http://code.google.com/u/113462498930882494708/) I've done some fix for CSRF in [r382]. Try it. **Owner:** andow...@gmail.com **Status:** Fixed

Add attachments
Cancel
You seem to have CSS turned off. Please don't fill out this field.

You seem to have CSS turned off. Please don't fill out this field.

New Attachment:

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.