
CVE-2021-3776: Strict cookie · star7th/showdoc@67093c8

showdoc is vulnerable to Cross-Site Request Forgery (CSRF)


Showing with 16 additions and 5 deletions.

  1. +16 −5 server/Application/Api/Controller/UserController.class.php

@@ -42,8 +42,12 @@ public function register(){

unset($ret[‘password’]);

session(“login_user” , $ret );

$token = D(“UserToken”)->createToken($ret[‘uid’]);

cookie('cookie_token’,$token,array(‘expire’=>60*60*24*90,’httponly’=>’httponly’));//此处由服务端控制token是否过期,所以cookies过期时间设置多久都无所谓

$this->sendResult(array(

if(version_compare(PHP_VERSION,’7.3.0’,’>’)){

setcookie('cookie_token’,$token,array(‘expires’=>time()+60*60*24*180,’httponly’=>’httponly’,’samesite’ => ‘Strict’,’path’=>’/’));

}else{

cookie('cookie_token’,$token,array(‘expire’=>60*60*24*180,’httponly’=>’httponly’));

}

$this->sendResult(array(

“uid” => $ret[‘uid’] ,

“username” => $ret[‘username’] ,

“name” => $ret[‘name’] ,

@@ -134,7 +138,11 @@ public function login(){

session(“login_user” , $ret );

D(“User”)->setLastTime($ret[‘uid’]);

$token = D(“UserToken”)->createToken($ret[‘uid’],60*60*24*180);

cookie('cookie_token’,$token,array(‘expire’=>60*60*24*180,’httponly’=>’httponly’));//此处由服务端控制token是否过期,所以cookies过期时间设置多久都无所谓

if(version_compare(PHP_VERSION,’7.3.0’,’>’)){

setcookie('cookie_token’,$token,array(‘expires’=>time()+60*60*24*180,’httponly’=>’httponly’,’samesite’ => ‘Strict’,’path’=>’/’));

}else{

cookie('cookie_token’,$token,array(‘expire’=>60*60*24*180,’httponly’=>’httponly’));

}

$this->sendResult(array(

“uid” => $ret[‘uid’] ,

“username” => $ret[‘username’] ,

@@ -247,8 +255,11 @@ public function registerByVerify(){

unset($ret[‘password’]);

session(“login_user” , $ret );

$token = D(“UserToken”)->createToken($ret[‘uid’]);

cookie('cookie_token’,$token,array(‘expire’=>60*60*24*90,’httponly’=>’httponly’));//此处由服务端控制token是否过期,所以cookies过期时间设置多久都无所谓

if(version_compare(PHP_VERSION,’7.3.0’,’>’)){

setcookie('cookie_token’,$token,array(‘expires’=>time()+60*60*24*180,’httponly’=>’httponly’,’samesite’ => ‘Strict’,’path’=>’/’));

}else{

cookie('cookie_token’,$token,array(‘expire’=>60*60*24*180,’httponly’=>’httponly’));

}

$this->sendResult(array(

“uid” => $ret[‘uid’] ,

“username” => $ret[‘username’] ,
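Review bot: The guard `version_compare(PHP_VERSION,'7.3.0','>')` used in all three hunks excludes PHP 7.3.0 itself, yet the array form of setcookie() with a 'samesite' key is exactly what 7.3.0 introduced, so a 7.3.0 host silently takes the else branch and gets no SameSite attribute; the comparison should be `'>='`. That else branch in each hunk reproduces the pre-patch cookie() call, so any host below 7.3 stays as CSRF-exposed as before, whereas emitting the Set-Cookie header directly closes the gap on every version. Neither branch sets the Secure flag, so on an HTTPS deployment the token cookie is still sent on a plain-HTTP request to the same host; presumably some installs run HTTP-only, so derive it from $_SERVER['HTTPS'] rather than hardcoding true. The same lines are copied into register(), login() and registerByVerify(), so a private helper would keep the three in step, sketched below. Each of the three methods begins and ends outside its hunk.
```php
// … unchanged: createToken() call in register(), login() and registerByVerify() …
$this->setTokenCookie($token);
// … unchanged: $this->sendResult(array( … )) …

/**
 * Issue the login token cookie with HttpOnly, SameSite=Strict and, when the
 * request arrived over TLS, Secure. Expiry is enforced server-side by UserToken,
 * so the cookie lifetime is only a hint to the browser.
 * The array form of setcookie() with 'samesite' exists from PHP 7.3.0 inclusive.
 */
private function setTokenCookie($token){
    $expires = time() + 60*60*24*180;
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    if(version_compare(PHP_VERSION,'7.3.0','>=')){
        setcookie('cookie_token',$token,array(
            'expires'=>$expires,'path'=>'/','secure'=>$secure,
            'httponly'=>true,'samesite'=>'Strict',
        ));
    }else{
        // Older setcookie() has no samesite option; write the header ourselves so the fallback is not weaker.
        header('Set-Cookie: cookie_token='.rawurlencode($token)
            .'; Expires='.gmdate('D, d M Y H:i:s \G\M\T',$expires)
            .'; Path=/; HttpOnly; SameSite=Strict'.($secure ? '; Secure' : ''), false);
    }
}
```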
