Nextcloud: Lost Password CSRF

ID H1:145583
Type hackerone
Reporter mefkan
Modified 2016-06-19T09:56:51



I think it is something about your Wordpress version. It's not something highly risky, but it is a vulnerability.


<form name="lostpasswordform" id="lostpasswordform" action="" method="post" style="position: static; left: 0px;">
  <p>
    <label for="user_login">Username or Email<br>
      <input type="text" name="user_login" id="user_login" class="input" value="" size="20">
    </label>
  </p>
  <input type="hidden" name="redirect_to" value="">
  <p class="submit">
    <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="Get New Password">
  </p>
</form>

For testing CSRF I added the .html file to the attachments. And there is a screenshot for you.

How To Fix :

Adding rp_key will be fine.

Please take a look at links below

Best Regards,
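The form quoted in the report has no anti-forgery token, so any page a logged-in user visits can submit it on their behalf. The following is an added example (not Nextcloud's or the reporter's code) of the usual fix: a random per-session token placed in a hidden field and checked on POST with a constant-time comparison. Field names follow the form above; the session dictionary and the `csrf_token` field name are assumptions.

```python
import hmac
import secrets
from html import escape

# Constructed example: hidden-field CSRF token for a lost-password form.
TOKEN_FIELD = "csrf_token"  # assumed field name, not from the report


def issue_csrf_token(session: dict) -> str:
    """Create (or reuse) a random token stored server-side in the session."""
    if TOKEN_FIELD not in session:
        session[TOKEN_FIELD] = secrets.token_urlsafe(32)
    return session[TOKEN_FIELD]


def render_lost_password_form(session: dict) -> str:
    """Render the form with the token as a hidden field a cross-site page cannot read."""
    token = issue_csrf_token(session)
    return (
        '<form name="lostpasswordform" id="lostpasswordform" action="" method="post">'
        '<input type="text" name="user_login" value="">'
        f'<input type="hidden" name="{TOKEN_FIELD}" value="{escape(token)}">'
        '<input type="hidden" name="redirect_to" value="">'
        '<input type="submit" name="wp-submit" value="Get New Password">'
        "</form>"
    )


def handle_lost_password(session: dict, form: dict) -> tuple:
    """Validate the submitted token before doing anything; returns (status, message)."""
    expected = session.get(TOKEN_FIELD)
    submitted = form.get(TOKEN_FIELD, "")
    # Fail closed when no token was issued; compare in constant time otherwise.
    if not expected or not hmac.compare_digest(expected, submitted):
        return 403, "CSRF check failed"
    user_login = form.get("user_login", "").strip()
    if not user_login:
        return 400, "Username or Email is required"
    # Rotate the token so a captured form cannot be replayed.
    session.pop(TOKEN_FIELD, None)
    return 200, f"Reset mail queued for {user_login}"
```

A forged POST from another origin carries the cookie but cannot know the token, so it is rejected with 403 before any reset mail is sent.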