My name is Mohamed Abdelbaset Elnoby, a Senior Information Security Analyst and Web Application Penetration Tester at Seekurity Inc.
I would like to report a Security Vulnerability in the Apache Allura Wiki Script, detailed as follows:
Cross Site Request Forgery - (CSRF)
Affected URL(s)/Forms Code:
Force users to subscribe/unsubscribe to any other user's wiki; the vulnerable links show PoC links to do so to my wiki account.
Waiting for your reply
Mohamed Abdelbaset Elnoby
Guru Programmer, Senior Information Security Consultant & Web Application Penetration Tester at Seekurity Inc.
This was ticketed at [#7685] and fixed recently. Thanks.