Posted to notifications@ofbiz.apache.org by "Jacques Le Roux (Jira)" <ji...@apache.org> on 2020/03/28 09:17:00 UTC
[jira] [Comment Edited] (OFBIZ-11425) Test "POC for CSRF Token"
[ https://issues.apache.org/jira/browse/OFBIZ-11425?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17069336#comment-17069336 ]
Jacques Le Roux edited comment on OFBIZ-11425 at 3/28/20, 9:16 AM:
-------------------------------------------------------------------
If you are interested in testing, manually or with the penetration tool of your choice, you can do so at
https://168.63.29.103:8443/webtools
https://168.63.29.103:8443/ecomseo
This is thanks to Ross Gardler and Microsoft for providing an Azure Ubuntu 18.04.4 LTS VM where I installed OFBiz trunk patched for CSRF.
Please break it :)
was (Author: jacques.le.roux):
If you are interested in testing, manually or with the tool of your choice, you can do so at
https://168.63.29.103:8443/webtools
https://168.63.29.103:8443/ecomseo
This is thanks to Ross Gardler and Microsoft for providing an Azure Ubuntu 18.04.4 LTS VM where I installed OFBiz trunk patched for CSRF.
Please break it :)
> Test "POC for CSRF Token"
> -------------------------
>
> Key: OFBIZ-11425
> URL: https://issues.apache.org/jira/browse/OFBIZ-11425
> Project: OFBiz
> Issue Type: Test
> Components: ALL APPLICATIONS
> Affects Versions: Release Branch 18.12, Release Branch 17.12, Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Major
>
> Hi All,
> This "test" Jira is to ask for your help to review and test the work done in OFBIZ-11306. We have done all we could, and now help is welcome. If you are experienced with penetration tools, please use them.
> You can find the branch to use at https://github.com/JacquesLeRoux/ofbiz-framework/tree/POC-for-CSRF-Token-OFBIZ-11306. It's ready to merge into OFBiz trunk, but we will not create a PR before being reassured that we (James and I) did not miss any issues, like links without a "csrf" token, or regressions introduced by the effort.
> TIA
--
This message was sent by Atlassian Jira
(v8.3.4#803005)