CSRF protection implemented

Started by batboiko, September 05, 2013, 19:28:26 PM


batboiko

Someone just scanned my website and sent me this:

Acunetix WVS found a HTML form with no apparent CSRF protection implemented. Consult details for more information about the affected HTML form.

Attack details
Form name: userForm
Form action: https://mywebsite.com/your-details.html
Form method: POST

Form inputs:

username [Text]
name [Text]
password [Password]
password2 [Password]
email [Text]
company [Text]
title [Select]
first_name [Text]
middle_name [Text]
last_name [Text]
address_1 [Text]
address_2 [Text]
zip [Text]
city [Text]
virtuemart_country_id [Select]
virtuemart_state_id [Select]
phone_1 [Text]
phone_2 [Text]
fax [Text]
Maywecontactyou [Select]
atcf [Text]
Ethics [Select]
Terms [Select]
task [Hidden]
address_type [Hidden]
option [Hidden]
controller [Hidden]

How can I fix that?



jenkinhill

On-line scanners are notoriously unreliable so any reports should be investigated with great care.

Have you updated to the current security fixed version? http://virtuemart.net/news/list-all-news/446-important-security-release-vm-team-at-joomladay-germany
Kelvyn
Lowestoft, Suffolk, UK

Retired from forum life November 2023

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum

batboiko

Thank you for your response. Yes, I'm using the latest VM version.

Acunetix WVS is not an online scanner. It is software.
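
Added example, not part of the thread or of VirtueMart's code: one way to check a finding like the one in the first post is to parse the page and see whether each POST form carries a hidden anti-CSRF field. It relies on Joomla's convention of a hidden input whose name is a 32-character hex token with value `1`; the extra field names, the `FormTokenAudit` class and the sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Joomla's form token helper renders a hidden input whose *name* is a
# 32-character hex string and whose value is "1".
JOOMLA_TOKEN = re.compile(r"^[0-9a-f]{32}$")
# Assumption: field names other frameworks commonly use for the same purpose.
COMMON_NAMES = {"csrf_token", "_csrf", "_token", "authenticity_token", "csrfmiddlewaretoken"}


class FormTokenAudit(HTMLParser):
    """Collect, per form, the hidden inputs that look like anti-CSRF tokens."""

    def __init__(self):
        super().__init__()
        self.forms = []        # one dict per <form> seen
        self._current = None   # form currently open, if any

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._current = {"name": a.get("name", ""),
                             "method": a.get("method", "get").lower(), "tokens": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None and a.get("type", "text").lower() == "hidden":
            name = a.get("name", "")
            if (JOOMLA_TOKEN.match(name) and a.get("value") == "1") or name.lower() in COMMON_NAMES:
                self._current["tokens"].append(name)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def forms_missing_token(html):
    """Return the names of POST forms with no recognisable token field."""
    audit = FormTokenAudit()
    audit.feed(html)
    return [f["name"] for f in audit.forms if f["method"] == "post" and not f["tokens"]]


# Constructed sample: a cut-down userForm using field names from the report,
# then the same form with a Joomla-style token added (token value is made up).
REPORTED = ('<form name="userForm" method="POST" action="/your-details.html">'
            '<input type="text" name="username"><input type="password" name="password">'
            '<input type="hidden" name="task" value="constructed">'
            '<input type="hidden" name="option" value="constructed"></form>')
WITH_TOKEN = REPORTED.replace(
    "</form>", '<input type="hidden" name="0123456789abcdef0123456789abcdef" value="1"></form>')
```

A token field in the markup only shows that the form emits one; the finding is closed only when the handler behind the form action rejects a POST whose token is missing or wrong.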