Changes between Initial Version and Version 2 of Ticket #15845


Timestamp: Apr 18, 2011, 7:27:41 PM (14 years ago)
Author: Russell Keith-Magee
Comment:

I would also point out that if you even *suspect* that you have found a security issue with Django, *DO NOT* report it in Trac. Mail security@… instead.

  • Ticket #15845

    • Property Resolution: set to invalid
    • Property Status: changed from new to closed
  • Ticket #15845 – Description

    initial → v2 (v2 only removes a blank line after the first paragraph; the text is otherwise unchanged)

    The CSRF validation compares request.COOKIES[settings.CSRF_COOKIE_NAME] and request.POST.get('csrfmiddlewaretoken', '') to see if a request is legal. But unfortunately both values are provided by the client side, and they are the same. So it is easy for attackers to fake a request so that no 403 is thrown.

    The attached project provides one URL entry that returns "ok", unless CSRF fails. The following commands show how to cheat.
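As an added illustration of the double-submit comparison the description refers to (example code, not the ticket's attachment and not Django's own implementation), the model below compares the token held in the site's cookie against the form field and accepts only an exact, constant-time match. The cookie name, the `cookies`/`post` dictionaries standing in for a request, and the helper names are assumptions.

```python
import hmac
import secrets

# Assumed names; Django reads the real cookie name from settings.CSRF_COOKIE_NAME.
CSRF_COOKIE_NAME = "csrftoken"
TOKEN_FIELD = "csrfmiddlewaretoken"


def issue_token() -> str:
    """Mint an unguessable per-session token for the cookie and the form."""
    return secrets.token_urlsafe(32)


def csrf_check(cookies: dict, post: dict) -> bool:
    """Double-submit check: the form field must equal the cookie the
    browser holds for this site.  Returns True when the request is accepted."""
    cookie_token = cookies.get(CSRF_COOKIE_NAME)
    if not cookie_token:
        # No cookie at all: nothing to compare against, reject.
        return False
    submitted = post.get(TOKEN_FIELD, "")
    # Constant-time comparison so the check does not leak token bytes via timing.
    return hmac.compare_digest(cookie_token, submitted)


def same_site_form_post(token: str) -> bool:
    """A form rendered by the site itself copies the cookie value into the field."""
    return csrf_check({CSRF_COOKIE_NAME: token}, {TOKEN_FIELD: token})


def other_origin_form_post(victim_token: str, attacker_guess: str) -> bool:
    """A page on another origin can make the browser send the victim's cookie,
    but it cannot read that cookie, so its form field carries a value it chose."""
    return csrf_check({CSRF_COOKIE_NAME: victim_token}, {TOKEN_FIELD: attacker_guess})


if __name__ == "__main__":
    tok = issue_token()
    print("same-site form:", same_site_form_post(tok))
    print("other-origin form:", other_origin_form_post(tok, "not-the-cookie"))
```

The check passes only when the two client-supplied values agree, so what matters for defenders is that the cookie value stays unreadable to other origins (no token leakage via XSS, subdomain cookie injection or insecure transport).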