** Changed in: mahara/15.10
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask
on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1480329
Title:
Session key is not checked during file upload
Status in Mahara:
Fix Released
Status in Mahara 1.10 series:
Fix Released
Status in Mahara 1.9 series:
Fix Released
Status in Mahara 15.04 series:
Fix Released
Status in Mahara 15.10 series:
Fix Released
Bug description:
Hi this is Abdullah ,
I found CSRF make user upload files to any group without his know it
can be used to attack admins to upload evil files .
PoC :
video
http://www.youtube.com/watch?v=M-NyrwKBzmw&feature=youtu.be
the fix :
check sesskey is valid in (groupfiles.php)
I hope put my name in release note .
Are there a CVE for this bug ?
Thanks
Used mahara least version
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1480329/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~mahara-contributors
Post to : [email protected]
Unsubscribe : https://launchpad.net/~mahara-contributors
More help : https://help.launchpad.net/ListHelp
