
Issue information

  • 6
  • Dinoboff
  • Bug Tracker
  • Resolved
  • Medium
  • Bug

Vanilla 1.1.5 is a product of Lussumo. More Information: Documentation, Community Support.

    Comment by Dinoboff, Aug 8th 2008 (edited)
    CSRF validation keys can be both missing from the request and the session

    $PostBackKey = ForceIncomingString('PostBackKey', '');
    $ExtensionKey = ForceIncomingString('ExtensionKey', '');
    $RequestName = ForceIncomingString('RequestName', '');
    if ($PostBackKey != $Context->Session->GetVariable('SessionPostBackKey', 'string')) {
    ...


    It should be like:

    if ($PostBackKey != '' && $PostBackKey != $Context->Session->GetVariable('SessionPostBackKey', 'string')) {
    Comment by Dinoboff, Aug 8th 2008
    Fixed in Vanilla r713

    In revision 714, I am adding a method to the session class to retrieve the key. It creates the session key if needed and makes getting the key easier:

    /**
     * Return the key used for CSRF protection.
     * @return String
     */
    function GetCsrfValidationKey() {
        $Key = $this->GetVariable('SessionPostBackKey', 'string');
        if ($Key == '') {
            $Key = DefineVerificationKey();
            $this->SetVariable('SessionPostBackKey', $Key);
        }
        return $Key;
    }

    Vanilla r714, People r98, Framework r153
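As an added illustration (not code from the Vanilla project or from this thread), the PHP below models the postback check as standalone functions so the both-keys-missing case from the first comment can be exercised: the original comparison accepts a request when neither side carries a key, while a check that rejects an empty key on either side does not. The function names and the array-backed session are assumptions of this example.

```php
<?php
// Added example, not Vanilla code. The session is modelled as a plain array
// and the functions below stand in for the check in the Vanilla request setup.

// Original shape of the check: a postback is valid whenever the two strings
// are equal. With no key in the request and none in the session, '' == ''
// holds, so a cross-site request with no key at all is treated as legitimate.
function postback_is_valid_original(string $requestKey, string $sessionKey): bool
{
    return $requestKey == $sessionKey;
}

// Hardened check: an absent key on either side is a failure, and the
// comparison is constant-time (hash_equals, PHP 5.6+) so timing differences
// do not leak the session key.
function postback_is_valid_hardened(string $requestKey, string $sessionKey): bool
{
    if ($requestKey === '' || $sessionKey === '') {
        return false;
    }
    return hash_equals($sessionKey, $requestKey);
}

// Stand-in for the r714 GetCsrfValidationKey() idea: create the key on first
// use so the session side is never empty once a form has been rendered.
// random_bytes() requires PHP 7+.
function session_csrf_key(array &$session): string
{
    if (empty($session['SessionPostBackKey'])) {
        $session['SessionPostBackKey'] = bin2hex(random_bytes(16));
    }
    return $session['SessionPostBackKey'];
}

// Constructed scenario 1: fresh session, request carries no key.
$forgedRequestKey = '';
$storedKey = '';
var_dump(postback_is_valid_original($forgedRequestKey, $storedKey)); // original check passes the forged request
var_dump(postback_is_valid_hardened($forgedRequestKey, $storedKey)); // hardened check refuses it

// Constructed scenario 2: session key created when the form was rendered.
$session = [];
$key = session_csrf_key($session);
var_dump(postback_is_valid_hardened($key, $session['SessionPostBackKey'])); // genuine postback
var_dump(postback_is_valid_hardened('', $session['SessionPostBackKey']));   // key stripped from request
```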