stacksmasher007

View GitHub Profile
2bevolution version 7.2.3 is vulnerable to Cross-Site Request Forgery (CSRF), an attack which forces an end user to execute unwanted actions on a web application in which they are currently authenticated. This works because web browsers automatically include most credentials with each request, such as session cookies, the basic authentication header, the client's IP address, and client-side SSL certificates. Any state-changing request that is authorized by the session cookie alone can therefore be triggered from a page under the attacker's control, with the victim's browser supplying the credentials. The remediation is to bind every such request to a secret the attacker's page cannot read, for example a per-session anti-CSRF token that the server generates, embeds in its own forms and verifies on submission, as in the ColdFusion pattern below.
    <!--- Synchronizer-token check (ColdFusion 10+, needs sessionManagement=true in Application.cfc) --->
    <cfif NOT StructIsEmpty(form)>
        <!--- Reject the POST unless it carries the token bound to this session --->
        <cfif NOT StructKeyExists(form, "token") OR NOT CSRFverifyToken(form.token)>
            <cfabort showerror="Invalid Token" />
        </cfif>
        <cfoutput><p>Hello, #EncodeForHTML(form.name)#</p></cfoutput>
    </cfif>
    <!--- The site's own form must embed the session-bound token; an attacker's page cannot read it --->
    <cfoutput><form method="post">
        <input type="hidden" name="token" value="#CSRFGenerateToken()#">
        <input type="text" name="name"> <input type="submit" value="Go">
    </form></cfoutput>
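The following is an added example, not code from the gist or from 2bevolution: a hypothetical "change email" endpoint that shows why the session cookie alone is not enough and how the synchronizer-token pattern above closes the hole. The request and session shapes, the SITE_ORIGIN value and the sample session data are all constructed for the illustration. Run with check_token=False to reproduce the vulnerable behaviour, where a form auto-submitted from attacker.example succeeds because the victim's browser attaches the session cookie; with check_token=True the same forged request is refused, first on its cross-site Origin header and, failing that, on the missing or mismatched token.

```python
"""Synchronizer-token CSRF defence, illustrated against a forged cross-site POST.

Added example code (not the gist's or 2bevolution's): the Request/session shapes,
SITE_ORIGIN and the change_email handler are hypothetical stand-ins for any
authenticated, state-changing endpoint.
"""
import hmac
import secrets
from dataclasses import dataclass, field

SITE_ORIGIN = "https://app.example"  # assumed origin of the protected site

# Constructed sample session store, keyed by the value of the session cookie.
SESSIONS = {
    "sess-abc123": {"user": "alice", "email": "alice@app.example", "csrf_token": None},
}


@dataclass
class Request:
    method: str
    cookies: dict
    form: dict
    headers: dict = field(default_factory=dict)


def issue_csrf_token(session_id: str) -> str:
    """Mint a per-session random token; the server embeds it as a hidden form field."""
    token = secrets.token_urlsafe(32)
    SESSIONS[session_id]["csrf_token"] = token
    return token


def csrf_token_valid(session: dict, submitted) -> bool:
    """Constant-time comparison of the submitted token against the session's token."""
    expected = session.get("csrf_token")
    if not expected or not isinstance(submitted, str):
        return False
    return hmac.compare_digest(expected, submitted)


def change_email(req: Request, check_token: bool) -> tuple:
    """State-changing endpoint. check_token=False reproduces the vulnerable behaviour."""
    if req.method != "POST":
        return 405, "method not allowed"
    session = SESSIONS.get(req.cookies.get("session", ""))
    if session is None:
        return 401, "not logged in"  # no (valid) session cookie was sent
    if check_token:
        # Defence in depth: a cross-site form POST carries the attacker's Origin.
        origin = req.headers.get("Origin")
        if origin is not None and origin != SITE_ORIGIN:
            return 403, "cross-origin request refused"
        if not csrf_token_valid(session, req.form.get("token")):
            return 403, "invalid CSRF token"
    session["email"] = req.form["email"]
    return 200, "email changed to " + session["email"]


def forged_request() -> Request:
    """What the victim's browser sends when attacker.example auto-submits a form:
    the session cookie goes along automatically; the attacker chooses the body."""
    return Request(
        method="POST",
        cookies={"session": "sess-abc123"},
        form={"email": "attacker@evil.example"},
        headers={"Origin": "https://attacker.example"},
    )


def legitimate_request(token: str) -> Request:
    """A submission of the site's own form, which carries the session-bound token."""
    return Request(
        method="POST",
        cookies={"session": "sess-abc123"},
        form={"email": "alice2@app.example", "token": token},
        headers={"Origin": SITE_ORIGIN},
    )


def demo() -> dict:
    """Run the three cases and return their status codes plus the stored email."""
    SESSIONS["sess-abc123"]["email"] = "alice@app.example"
    vulnerable = change_email(forged_request(), check_token=False)[0]
    hijacked_email = SESSIONS["sess-abc123"]["email"]
    SESSIONS["sess-abc123"]["email"] = "alice@app.example"
    protected = change_email(forged_request(), check_token=True)[0]
    token = issue_csrf_token("sess-abc123")
    legit = change_email(legitimate_request(token), check_token=True)[0]
    return {
        "vulnerable": vulnerable,
        "hijacked_email": hijacked_email,
        "protected": protected,
        "legit": legit,
        "final_email": SESSIONS["sess-abc123"]["email"],
    }


if __name__ == "__main__":
    print(demo())
```

The token must be unpredictable (secrets, not a counter or timestamp), compared in constant time, and never exposed to other origins (no CORS reflection of the form page, no token in a URL that leaks through Referer). The Origin check is a second layer, not a substitute: some clients omit the header, which is why the handler only rejects on a present, mismatching Origin and still requires the token.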