Changes between Initial Version and Version 2 of Ticket #15845


Timestamp:
04/18/2011 07:27:41 PM (4 years ago)
Author:
russellm
Comment:

I would also point out that if you even *suspect* that you have found a security issue with Django, *DO NOT* report it in Trac. Mail security@… instead.

  • Ticket #15845

    • Property Status changed from new to closed
    • Property Patch needs improvement unset
    • Property Needs tests unset
    • Property Needs documentation unset
    • Property Resolution changed from to invalid
  • Ticket #15845 – Description

    initial → v2 (the diff shows one blank line removed; the text is otherwise unchanged):

    The CSRF validation compares request.COOKIES[settings.CSRF_COOKIE_NAME] and request.POST.get('csrfmiddlewaretoken', '') to see if a request is legal. But unfortunately both values are provided by the client side, and they are the same. So it is easy for attackers to fake a request for which no 403 will be thrown.

    The attached project provides one url entry that returns "ok", unless CSRF fails. The following commands show how to cheat.