[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

PHP-fusion v7.02.06 XSRF/CSRF vulnerability

[ 0Day-ID-20806 ]
Full title
PHP-fusion v7.02.06 XSRF/CSRF vulnerability [ Highlight ]
Highlight - is paid service, that can help to get more visitors to your material.

Price: 10
Date add
Category
Platform
Verified
Price
 
0 BTC

 
25 USD
Risk
[
Security Risk High
]
Rel. releases
Description
The PHP-Fusion BBCode system contains a XSRF vulnerability which is exploited through the IMG tags. The function that checks a remote image link will output an image as a long a as it meets the requirements (in this cases an image). Check image exists => check file extension is valid for images => if !$err => display image
else => not display image.
Vendor
http://www.php-fusion.co.uk
Affected ver
v7.02.06 and below.
Tested on
PHP-Fusion
Tags
php-fusion   fusion   bbcode     img  
Other Information
Abuses
0
Comments
1
Views
14 405
We DO NOT use Telegram or any messengers / social networks! We DO NOT use Telegram or any messengers / social networks! Please, beware of scammers!
Please login or register to buy exploit.
OR
Buy incognito
2
0
Verified by 0day Admin
Verified by 0day Admin
This material is checked by Administration and absolutely workable.
Learn more about    GOLD:
0day.today Gold is the currency of 0day.today project and is denoted on this site as such image: . It used for paying for the services, buying exploits, earning money, etc
We accept:
BitCoin (BTC)
You can pay us via BTC
LiteCoin (LTC)
You can pay us via LTC
Ethereum (ETH)
You can pay us via ETH

Author
BL
29
Exploits
2
Readers
0
[ Comments: 1 ]
Terms of use of comments:
  • Users are forbidden to exchange personal contact details
  • Haggle on other sites\projects is forbidden
  • Reselling is forbidden
Punishment: permanent block of user account with all Gold.

Login or register to leave comments