What does "your message has been moderated" mean?

On Mon, Apr 16, 2018, 3:00 AM Sonali Agrahari, <[email protected]> wrote:

> Hello all,
>
> I am using OFBiz 12.04 version in my application.
> When logged in to the application as admin user and open web mail in
> another browser, suppose we received a mail which has a link
> http://xyz.com/activate.html .
> The link points to an HTML file as:
>
> <html>
> <head>
> </head>
> <body>
>   <form action="https://localhost:8443/catalog/control/CreateProductCategory"
>         name="f1" id="f1" method="post">
>     <input type="hidden" name="sectorName" id="sectorName" value="SECTOR">
>     <input type="hidden" name="productName" id="productName" value="PRODUCT">
>   </form>
> </body>
> </html>
>
> The user clicks on this link while he is logged on to the application. As
> the crafted form is doing a POST request in a valid session, the requested
> POST gets executed and the result will be displayed, i.e. all values will be
> inserted in the database properly.
> And the link gets opened in another tab of the same browser.
>
> How can I resolve this type of vulnerability?
> Kindly help.
>
> Thanks & regards
> Sonali
>
> --
> Sent from: http://ofbiz.135035.n4.nabble.com/OFBiz-User-f135036.html
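
The cross-site form post described in the quoted message is the case a per-session anti-CSRF token is meant to stop: the browser attaches the session cookie automatically, but a page on another origin cannot read the token. The Java below is an added example, not code from this thread or from OFBiz; the class `CsrfTokenCheck`, the `csrfToken` field name and the map-based session and request parameters are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Added illustration of a per-session synchronizer token. The names
// CsrfTokenCheck and csrfToken are hypothetical, not OFBiz APIs.
public class CsrfTokenCheck {
    private static final SecureRandom RNG = new SecureRandom();
    static final String FIELD = "csrfToken";

    // Called when the server renders a form: create the session's token once and return it.
    static String issue(Map<String, Object> session) {
        return (String) session.computeIfAbsent(FIELD, k -> {
            byte[] b = new byte[32];
            RNG.nextBytes(b);
            return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
        });
    }

    // Called before a POST is dispatched; state-changing handlers must accept POST only.
    static boolean accept(String method, Map<String, Object> session, Map<String, String> params) {
        if (!"POST".equalsIgnoreCase(method)) return true;
        Object expected = session.get(FIELD);
        String supplied = params.get(FIELD);
        if (!(expected instanceof String) || supplied == null) return false;
        return MessageDigest.isEqual( // constant-time comparison
                ((String) expected).getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>(); // constructed stand-in for the admin session
        String token = issue(session);

        // Constructed request with the fields of the form in the mail: valid session, no token.
        Map<String, String> crossSite = new HashMap<>();
        crossSite.put("sectorName", "SECTOR");
        crossSite.put("productName", "PRODUCT");
        // The same fields submitted from a form the application itself rendered.
        Map<String, String> sameSite = new HashMap<>(crossSite);
        sameSite.put(FIELD, token);

        System.out.println("cross-site form accepted: " + accept("POST", session, crossSite));
        System.out.println("application form accepted: " + accept("POST", session, sameSite));
    }
}
```

In a deployment the token is written as a hidden field into every form the application renders and the check runs before the request handler, so the session cookie alone no longer authorizes the write.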
