mahara-contributors team mailing list archive

Thread
Date

[Bug 1480329] Re: Session key is not checked during file upload

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Aaron Wells <1480329@xxxxxxxxxxxxxxxxxx>
Date: Wed, 19 Aug 2015 04:57:30 -0000
Reply-to: Bug 1480329 <1480329@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Information type changed from Private Security to Public Security

** Changed in: mahara/1.10
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1480329

Title:
  Session key is not checked during file upload

Status in Mahara:
  Fix Committed
Status in Mahara 1.10 series:
  Fix Released
Status in Mahara 1.9 series:
  Fix Committed
Status in Mahara 15.04 series:
  Fix Released
Status in Mahara 15.10 series:
  Fix Committed

Bug description:
  Hi this is Abdullah ,

  I found CSRF make user upload files to any group without his know it
  can be used to attack admins to upload evil files .

  PoC :

  video

  http://www.youtube.com/watch?v=M-NyrwKBzmw&feature=youtu.be

  the fix :

  check sesskey is valid in (groupfiles.php)

  I hope put my name in release note .

  Are there a CVE for this bug ?

  Thanks

  Used mahara least version

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1480329/+subscriptions