What does "your message has been moderated" mean?

On Mon, Apr 16, 2018, 3:00 AM Sonali Agrahari, <sonaliagraha...@gmail.com>
wrote:

> Hello all,
>
>   I am using OFBiz version 12.04 in my application.
>   When logged in to the application as admin user and open web mail in
> another browser, suppose we received a mail which has the link
> http://xyz.com/activate.html .
> The link points to an HTML file as:
>
> <html>
>  <head>
>
> </head>
> <body>
>   <form action="https://localhost:8443/catalog/control/CreateProductCategory"
>         name="f1" id="f1" method="post">
>      <input type="hidden" name="sectorName" id="sectorName" value="SECTOR">
>      <input type="hidden" name="productName" id="productName" value="PRODUCT">
>   </form>
>
> </body>
> </html>
>
> The user clicks on this link while he is logged on to the application. As
> the crafted form is doing a POST request in a valid session, the requested
> POST gets executed and the result will be displayed, i.e. all values will be
> inserted in the database properly.
> And the link gets opened in another tab of the same browser.
>
> How can I resolve this type of vulnerability?
> Kindly help.
>
>
> Thanks & regards
> Sonali
>
> --
> Sent from: http://ofbiz.135035.n4.nabble.com/OFBiz-User-f135036.html
>
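
An added example (not part of the thread and not OFBiz code) of the usual defence against the cross-site POST described in the quoted message: a per-session synchronizer token plus an Origin check, applied to every state-changing request. The class name, the `csrfToken` attribute and the map standing in for the HTTP session are assumptions made for illustration; the trusted origin is the application URL from the post.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Added example: synchronizer-token CSRF check. All names are hypothetical.
public class CsrfGuard {
    static final String ATTR = "csrfToken";                        // hypothetical session attribute
    static final String TRUSTED_ORIGIN = "https://localhost:8443"; // application origin from the post
    private static final SecureRandom RNG = new SecureRandom();

    // Create one unpredictable token per session; the server renders it as a
    // hidden field in every form it generates, so only same-site pages know it.
    static String issueToken(Map<String, Object> session) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put(ATTR, token);
        return token;
    }

    // True only if a state-changing request carries the session's token and,
    // when an Origin header is present, it matches the application origin.
    static boolean isAllowed(String method, String origin, String submitted,
                             Map<String, Object> session) {
        // Safe methods pass, which is only sound if they never change state.
        if ("GET".equals(method) || "HEAD".equals(method)) return true;
        if (origin != null && !TRUSTED_ORIGIN.equals(origin)) return false;
        Object expected = session.get(ATTR);
        if (!(expected instanceof String) || submitted == null) return false;
        // Constant-time comparison avoids leaking the token through timing.
        return MessageDigest.isEqual(
                ((String) expected).getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();  // stands in for the HTTP session
        String token = issueToken(session);
        // Constructed requests. The first mirrors the form in the post:
        // a foreign Origin and no token field.
        System.out.println(isAllowed("POST", "http://xyz.com", null, session));
        System.out.println(isAllowed("POST", null, "guessed-value", session));
        System.out.println(isAllowed("POST", TRUSTED_ORIGIN, token, session));
    }
}
```

Setting the session cookie's `SameSite` attribute complements the token, because the browser then withholds the cookie from cross-site POSTs such as the one in the post.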
