From Jacques Le Roux <jacques.le.r...@les7arts.com>
Subject Re: How to resolve CSRF attack
Date Tue, 17 Apr 2018 09:27:10 GMT
It means that the person sent a message to the ML without being subscribed to it. So we (moderators)
have to allow this message to pass.

Jacques


On 17/04/2018 at 04:49, Chris Clark wrote:
> What does "your message has been moderated" mean?
>
> On Mon, Apr 16, 2018, 3:00 AM Sonali Agrahari, <sonaliagrahari8@gmail.com>
> wrote:
>
>> Hello all,
>>
>>    I am using OFBiz version 12.04 in my application.
>>    When logged in to the application as the admin user, I open webmail in
>> another browser and suppose I receive a mail which has the link
>> http://xyz.com/activate.html .
>> The link points to an HTML file like this:
>>
>> <html>
>>   <head></head>
>>   <body>
>>     <form action="https://localhost:8443/catalog/control/CreateProductCategory"
>>           name="f1" id="f1" method="post">
>>       <input type="hidden" name="sectorName" id="sectorName" value="SECTOR">
>>       <input type="hidden" name="productName" id="productName" value="PRODUCT">
>>     </form>
>>   </body>
>> </html>
>>
>> The user clicks on this link while logged on to the application. As
>> the crafted form does a POST request in a valid session, the requested
>> POST gets executed and the result is displayed, i.e. all values are
>> inserted into the database properly.
>> And the link gets opened in another tab of the same browser.
>>
>> How can I resolve this type of vulnerability?
>> Kindly help.
>>
>>
>> Thanks & regards
>> Sonali
>>
>> --
>> Sent from: http://ofbiz.135035.n4.nabble.com/OFBiz-User-f135036.html
>>
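The crafted form in the quoted message succeeds only because the browser attaches the session cookie and the endpoint checks nothing else. As an added illustration that is not part of this thread and not OFBiz's own code, the Python below shows the two checks a server-side fix needs: the request's Origin (or Referer) must be the application's own origin, and the form must carry a per-session synchronizer token that a page served by another site cannot know. The dict-shaped request, the in-memory SESSIONS store and the cookie name JSESSIONID are assumptions made for the example.

```python
import hmac
import secrets
from urllib.parse import urlparse

# Constructed in-memory session store: session id -> per-session CSRF token.
SESSIONS = {}
# The application's own origin, matching the form action quoted in the thread.
SITE_ORIGIN = "https://localhost:8443"

def issue_token(session_id):
    """Return the CSRF token bound to a session, creating it on first use.
    The server embeds this value as a hidden field in every form it renders."""
    return SESSIONS.setdefault(session_id, secrets.token_urlsafe(32))

def is_request_allowed(request):
    """Decide whether a request may reach a state-changing handler.
    `request` is a plain dict (constructed shape, not a real servlet API) with
    method, headers, cookies and form fields."""
    if request["method"].upper() in ("GET", "HEAD", "OPTIONS"):
        return True  # safe methods must never change state, so no token is needed
    expected = SESSIONS.get(request["cookies"].get("JSESSIONID"))
    if expected is None:
        return False  # no authenticated session: nothing to authorise
    # Check 1: the request must come from our own origin. Browsers send Origin on
    # cross-site POSTs; Referer is the fallback, and a request with neither is refused.
    source = request["headers"].get("Origin") or request["headers"].get("Referer")
    if not source:
        return False
    parsed = urlparse(source)
    if f"{parsed.scheme}://{parsed.netloc}" != SITE_ORIGIN:
        return False
    # Check 2: the synchronizer token in the body must match the session's token.
    # compare_digest keeps the comparison constant-time.
    submitted = request["form"].get("csrf_token", "")
    return hmac.compare_digest(submitted, expected)

def evaluate_thread_scenario():
    """Replay the thread's situation with constructed requests: the crafted cross-site
    POST, the same body sent from our origin without a token, and a legitimate one."""
    token = issue_token("sess-admin")
    base = {"method": "POST", "cookies": {"JSESSIONID": "sess-admin"}}
    crafted = dict(base, headers={"Origin": "http://xyz.com"},
                   form={"sectorName": "SECTOR", "productName": "PRODUCT"})
    same_origin_no_token = dict(base, headers={"Origin": SITE_ORIGIN},
                                form={"sectorName": "SECTOR", "productName": "PRODUCT"})
    legitimate = dict(base, headers={"Referer": SITE_ORIGIN + "/catalog/control/EditProductCategory"},
                      form={"sectorName": "SECTOR", "productName": "PRODUCT", "csrf_token": token})
    return (is_request_allowed(crafted), is_request_allowed(same_origin_no_token),
            is_request_allowed(legitimate))
```

Marking the session cookie SameSite and keeping state changes off GET requests complement these checks; neither replaces the token.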

