stacksmasher007
stacksmasher007
/ CSRF
Created
April 15, 2021 05:30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| There is a Cross-Site Request Forgery (CSRF) on 2bevolution version 7.2.3 attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. This occurs because web browsers automatically include most credentials with each request, such as session cookies, basic authentication header, IP address, and client side SSL certificates. | |
| <cfif NOT StructIsEmpty(form) > | |
| <cfif NOT CSRFverifyToken(form.token)> | |
| <cfabort showerror="Invalid Token" /> | |
| </cfif> | |
| <cfoutput><p>Hello, #EncodeForHTML(form.name)#</p></cfoutput> | |
| </cfif> |