forked from mithrandir/metabbs
CSRF security vulnerability #235
Comments
I'll just do a rough pass on this for now. It's not a serious problem; --ditto
http://www.securityfocus.com/bid/33626
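It is possible to change the administrator password by submitting a form from an external site. This does not apply to the code currently in trunk, because the feature for changing the administrator password has been removed. Fundamentally, a countermeasure against CSRF vulnerabilities is needed.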
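One common form of the countermeasure the issue asks for is a per-session synchronizer token checked on every state-changing request. The sketch below is an added example, not metabbs code; the function names, the `csrf_token` field name and the sample requests are assumptions made for illustration.

```php
<?php
// Added example: synchronizer-token check for forms that change state.
// All names here (csrf_token, csrf_field, csrf_verify) are hypothetical.

function csrf_token(array &$session): string
{
    // One unpredictable token per session, created on first use.
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function csrf_field(array &$session): string
{
    // Hidden input to embed in every form the application itself renders.
    $token = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '">';
}

function csrf_verify(array $session, string $method, array $post): bool
{
    // State changes are accepted only via POST and only with the session's token.
    if ($method !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $given = $post['csrf_token'] ?? '';
    if (!is_string($expected) || $expected === '' || !is_string($given)) {
        return false;
    }
    // Constant-time comparison avoids leaking the token through timing.
    return hash_equals($expected, $given);
}

// Constructed demonstration; in a web request pass $_SESSION,
// $_SERVER['REQUEST_METHOD'] and $_POST instead of these arrays.
$session = [];
$html = csrf_field($session);

// Form rendered by the application: carries the session's token.
$ownForm = ['csrf_token' => $session['csrf_token'], 'password' => 'example'];
// Form submitted from another site: the token is unknown to that page.
$foreignForm = ['password' => 'example'];

var_dump(csrf_verify($session, 'POST', $ownForm));
var_dump(csrf_verify($session, 'POST', $foreignForm));
var_dump(csrf_verify($session, 'GET', $ownForm));
```

The handler for any action that changes state calls `csrf_verify` before doing anything else and rejects the request when it returns false.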