- Status: Closed
- Assigned To: cbay - Private
Attached to Project: Security vulnerabilities
Opened by waloodi_109 - 04.11.2024
Last edited by cbay - 06.11.2024
FS#93 - Logout CSRF
Hi Team,
This is low risk, but I want you to know that the logout on this domain, admin.alwaysdata.com, does not protect the logout form with a CSRF token; therefore I can log out any user by sending this URL: https://admin.alwaysdata.com/logout/.
Logout should use the POST method with a valid CSRF token.
Let me know if you need more info.
Regards
Waleed Anwar
Hello,
That's correct, but I don't think that could pose any security risk.
Kind regards,
Cyril
Yes, you are right, but if your domain has a self-XSS, the logout CSRF can be chained with it.
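As an added illustration of the fix the report asks for (this is not code from the tracker or from the alwaysdata admin panel), the handler below shows the reported behaviour, where any request to /logout/ ends the session, next to one that requires POST plus a session-bound CSRF token. The Session and Request classes and the csrf_token form field name are assumptions made for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class Session:
    # Assumed minimal server-side session: who is logged in plus a
    # per-session CSRF token generated at session creation.
    user: Optional[str] = None
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    # Assumed minimal request object; form holds the POST body fields.
    method: str
    path: str
    session: Session
    form: Dict[str, str] = field(default_factory=dict)


def logout_unprotected(request: Request) -> Tuple[int, str]:
    """The reported behaviour: any request to /logout/ ends the session.

    A cross-site <img> or link pointing at the URL is enough to log the
    victim out, because nothing proves the request came from the site's
    own logout form.
    """
    if request.path != "/logout/":
        return 404, "not found"
    request.session.user = None
    return 302, "/login/"


def logout_protected(request: Request) -> Tuple[int, str]:
    """Logout that only succeeds for a POST carrying the session's token."""
    if request.path != "/logout/":
        return 404, "not found"
    if request.method != "POST":
        # A cross-origin top-level GET (link, image, redirect) is rejected.
        return 405, "method not allowed"
    submitted = request.form.get("csrf_token", "")
    # Constant-time comparison against the token stored in the session;
    # an attacker's page cannot read that token, so it cannot forge the form.
    if not hmac.compare_digest(submitted.encode(), request.session.csrf_token.encode()):
        return 403, "CSRF verification failed"
    request.session.user = None
    return 302, "/login/"
```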