Somebody can post content with an "img" tag and use "src" like http://www.domain.com/vote_up_down/node/"node id"/1/1
So each user who has voting permissions and who views this content will vote up the node ("node id") automatically.

Seems it's an urgent security problem.

Comments


stephencarr wrote:

Does anyone have any ideas on how to fix this? It seems like each vote needs to carry a token or some kind of unique hash that is generated and will work only once. I am not a developer, so I don't really know how to solve the problem, but it does seem like an important one to fix.

Akzhan@drupal.ru wrote:

Another point of view on the problem: somebody can add an img with src equal to /site/user/logout/

Checking %ENV['HTTP_REFERRER'] provides the solution.

Akzhan@drupal.ru wrote:

Additional comment, mentioning an XSS-blocking specialist:

For logout and captcha forms, the GET method is the devil.

Krummrey wrote:

So is this still active?

Maybe the Security Team ought to look at this and help.

marvil07 wrote:

Version: » 5.x-1.x-dev
Status: Active » Closed (won't fix)

Please take a look at the update on the project page; 5.x is now not really maintained.

If you think your report is still applicable to the latest recommended version (6.x-2.x), please move the version accordingly and reopen it, but there we use tokens on links, so it's solved there.
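The two mitigations the thread discusses are the token on each vote link (stephencarr's suggestion, and what marvil07 says the 6.x-2.x branch does) and Akzhan's Referer check. The following is an added example written for this page; it is not code from the vote_up_down module or from Drupal. Everything in it is an assumption made for illustration: the site key, the session ids, the request handler, and the treatment of the two trailing path segments as opaque vote parameters (the thread does not say what they mean). The token is an HMAC over the visitor's session id and the exact action path, which is the general shape of a session-bound link token rather than the single-use nonce stephencarr describes. The demo replays the thread's scenario: the forged `<img src>` is rejected because it carries no token, a token minted for the attacker's own session does not verify for the victim, and a token for node 1 cannot be retargeted at node 2.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlparse

# Constructed stand-in for a server-side secret (a real site would keep a
# persistent private key). Generated at import time so the example runs offline.
SITE_PRIVATE_KEY = secrets.token_bytes(32)


def vote_token(session_id: str, action_path: str) -> str:
    """Token bound to one visitor's session and to one exact action path.

    A forged <img src> cannot carry a valid token: the attacker knows neither
    the victim's session id nor the site key, and a token minted for another
    session or another path will not verify.
    """
    mac = hmac.new(SITE_PRIVATE_KEY, digestmod=hashlib.sha256)
    mac.update(session_id.encode())
    mac.update(b"\x00")  # separator so session id and path cannot run together
    mac.update(action_path.encode())
    return mac.hexdigest()


def vote_link(session_id: str, node_id: int, a: int, b: int) -> str:
    """Build the tokenized link the page renders for a logged-in user.

    `a` and `b` stand for the two trailing numbers in the thread's URL; the
    example does not interpret them, it only binds them into the token.
    """
    path = f"/vote_up_down/node/{node_id}/{a}/{b}"
    return f"{path}?token={vote_token(session_id, path)}"


def handle_vote_request(session_id: str, url: str, tally: dict) -> tuple:
    """Hypothetical server-side handler: count the vote only if the token verifies."""
    parsed = urlparse(url)
    parts = parsed.path.strip("/").split("/")
    if len(parts) != 5 or parts[:2] != ["vote_up_down", "node"]:
        return (False, "not a vote URL")
    try:
        node_id = int(parts[2])
    except ValueError:
        return (False, "bad node id")
    token = parse_qs(parsed.query).get("token", [""])[0]
    expected = vote_token(session_id, parsed.path)
    # Constant-time comparison; the empty token of a forged <img src> fails here.
    if not hmac.compare_digest(token, expected):
        return (False, "missing or invalid token")
    tally[node_id] = tally.get(node_id, 0) + 1
    return (True, "vote recorded")


def referer_same_origin(headers: dict, site_host: str) -> bool:
    """Akzhan's Referer check as a secondary signal only.

    Returns False when the header is absent, because browsers, proxies and
    privacy extensions strip it; a strict check therefore also blocks some
    legitimate users, and a lenient one lets attackers through. Either way it
    cannot replace the token.
    """
    ref = headers.get("Referer")
    if not ref:
        return False
    return urlparse(ref).hostname == site_host


def demo() -> dict:
    """Replay the thread's scenario; returns every outcome for inspection."""
    tally: dict = {}
    victim, attacker = "sess-victim-7f3a", "sess-attacker-c0de"  # constructed ids
    results = {}
    # 1. Forged <img src="http://www.domain.com/vote_up_down/node/1/1/1">: the
    #    victim's browser sends the GET with the victim's cookies but no token.
    results["forged_img"] = handle_vote_request(victim, "/vote_up_down/node/1/1/1", tally)
    # 2. The victim clicks the real link rendered for their own session.
    results["real_click"] = handle_vote_request(victim, vote_link(victim, 1, 1, 1), tally)
    # 3. Attacker pastes the tokenized link from their own session into an <img>.
    results["replayed_token"] = handle_vote_request(victim, vote_link(attacker, 1, 1, 1), tally)
    # 4. Attacker obtains the victim's token for node 1 and retargets it at node 2.
    stolen = vote_link(victim, 1, 1, 1).split("token=")[1]
    results["retargeted_token"] = handle_vote_request(
        victim, f"/vote_up_down/node/2/1/1?token={stolen}", tally
    )
    results["tally"] = dict(tally)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

One caveat the Referer function makes visible: in the attack described at the top of the thread the img tag is posted as content on the site itself, so the victim's browser sends a Referer on the site's own host and a same-origin check passes. The Referer check only helps against pages hosted elsewhere, and even then only when the header arrives; the token is what actually stops the forged vote.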