Exploits / Vulnerability Discovered : 2018-04-06 |
Type : webapps |
Platform : php
This exploit / vulnerability Cobub razor 0.7.2 crosssite request forgery is for educational purposes only and if it is used you will do on your own risk!
There is a vulnerability. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin.