Info about a vulnerability issue

WebCrew

posted Sep 1 '20 at 1:35 am

Hallo @admin Joel wrote me (via chat) something about some security issues. I dont know if you already informed about it and if it got already fixed or not, thats why I post his info here again.

He wrote me:

Its me Joel Aviad Ossi
Are you here
Stored XSS Affecting admins!

https://codologic.com/forum/index.php?u=/user/profile/13903/edit
https://codologic.com/forum/admin/index.php?page=users/manage&action=edit&user_id=13903

This is not a vulnerability in codofurm but codologic central
it creates user in database without sanitization

This is very dangerous because there is still no httponly on the session cookie, attackers can steal your session and hijack admin accounts!

Kind regards, Andy smile

Hallo @admin Joel wrote me (via chat) something about some security issues. I dont know if you already informed about it and if it got already fixed or not, thats why I post his info here again. **He wrote me:** Its me Joel Aviad Ossi Are you here **Stored XSS Affecting admins!** https://codologic.com/forum/index.php?u=/user/profile/13903/edit https://codologic.com/forum/admin/index.php?page=users/manage&action=edit&user_id=13903 This is not a vulnerability in **codofurm but codologic central** it creates user in database without sanitization This is very dangerous because there is still no httponly on the session cookie, attackers can steal your session and hijack admin accounts! Kind regards, Andy :)

https://net-twin.de/ Community for creative people - JOIN
https://github.com/WebCrew My GitHub account
https://prattle.space A niceTwitter alternative - JOIN
https://sell-co.de/ Lots of Tools and Utilities for free

admin

posted Sep 4 '20 at 10:06 am

Yes, we know about this and we had fixed it. We will check it again.

Necessity is the mother of all inventions!

Pending draft

Confirm move posts

Insufficient permissions

Select a different topic

Edit history