👋 Hello, @negative0, @Greenkeeper[bot], @jackw - a potential high severity Cross-Site Request Forgery (CSRF) vulnerability in your repository has been disclosed to us.
I launched rclone using this command: rclone rcd --rc-web-gui
Revisiting the issue, the problem seems to be the use of address http://127.0.0.1 instead of http://localhost in the POC. So please try the following POC to alter the bandwidth to 1M through CSRF. Also, if the server needs credentials, then this attack requires the user to be logged in. The logged-in user is affected by CSRF just by visiting a malicious page hosted on the attacker's website.
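Added illustration, not rclone's code and not part of the issue thread: a toy Go `net/http` handler that behaves like the bandwidth-limit call the PoC targets, the replayed cross-site form POST that a malicious page would produce, and an Origin-check wrapper of the kind a patch could add. The endpoint path `/core/bwlimit`, the parameter name `rate`, the port `5572` and the origin `http://attacker.example` are assumptions chosen to match the report; the in-memory `bwLimit` variable stands in for the real setting. The point it demonstrates is the one the report makes: a form-encoded POST is a CORS "simple request", so the browser sends it cross-site with no preflight, attaching whatever credentials it has cached for that exact origin, and only a server-side check on the `Origin` header (or a CSRF token) stops it.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
	"sync"
)

// bwLimit stands in for the server-side setting the bandwidth-limit call
// changes. This is an illustration, not rclone's implementation.
var (
	mu      sync.Mutex
	bwLimit = "off"
)

func currentBwLimit() string { mu.Lock(); defer mu.Unlock(); return bwLimit }
func resetBwLimit()          { mu.Lock(); bwLimit = "off"; mu.Unlock() }

// bwLimitHandler applies the form-encoded "rate" parameter. A form-encoded
// POST is a CORS "simple request": the browser sends it cross-site without a
// preflight, together with any credentials cached for the target origin.
func bwLimitHandler(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		http.Error(w, "POST required", http.StatusMethodNotAllowed)
		return
	}
	if err := r.ParseForm(); err != nil {
		http.Error(w, "bad form", http.StatusBadRequest)
		return
	}
	rate := r.PostForm.Get("rate")
	if rate == "" {
		http.Error(w, "rate required", http.StatusBadRequest)
		return
	}
	mu.Lock()
	bwLimit = rate
	mu.Unlock()
	w.WriteHeader(http.StatusOK)
}

// requireSameOrigin refuses state-changing requests whose Origin header is not
// in the allow list. Requests with no Origin (curl, the rclone CLI) pass; modern
// browsers always send Origin on cross-site POSTs. Comparison is exact, so
// http://localhost:5572 and http://127.0.0.1:5572 are different origins and
// both must be listed if the GUI is reachable under both names.
func requireSameOrigin(allowed []string, next http.Handler) http.Handler {
	set := make(map[string]struct{}, len(allowed))
	for _, o := range allowed {
		set[strings.ToLower(o)] = struct{}{}
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if origin := r.Header.Get("Origin"); origin != "" {
			if _, ok := set[strings.ToLower(origin)]; !ok {
				http.Error(w, "cross-origin request refused", http.StatusForbidden)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

// newHandlers returns the unprotected handler and the same handler behind the
// Origin check, allowing only the assumed GUI origin.
func newHandlers() (vulnerable, hardened http.Handler) {
	vulnerable = http.HandlerFunc(bwLimitHandler)
	hardened = requireSameOrigin([]string{"http://127.0.0.1:5572"}, vulnerable)
	return
}

// postRate replays the request an auto-submitting <form method="POST"> on the
// attacker's page would produce (constructed input). An empty origin means no
// Origin header, as a CLI client would send. Returns the HTTP status code.
func postRate(h http.Handler, origin, rate string) int {
	body := url.Values{"rate": {rate}}.Encode()
	req := httptest.NewRequest(http.MethodPost, "http://127.0.0.1:5572/core/bwlimit", strings.NewReader(body))
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	if origin != "" {
		req.Header.Set("Origin", origin)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	vulnerable, hardened := newHandlers()
	resetBwLimit()
	fmt.Println("vulnerable, cross-site:   ", postRate(vulnerable, "http://attacker.example", "1M"), currentBwLimit())
	resetBwLimit()
	fmt.Println("hardened, cross-site:     ", postRate(hardened, "http://attacker.example", "1M"), currentBwLimit())
	fmt.Println("hardened, same-origin:    ", postRate(hardened, "http://127.0.0.1:5572", "1M"), currentBwLimit())
	fmt.Println("hardened, CLI (no Origin):", postRate(hardened, "", "1M"), currentBwLimit())
}
```

The cross-site POST succeeds against the unprotected handler and changes the limit; behind the wrapper it gets a 403 and the limit stays untouched, while same-origin and CLI requests still work. Basic-auth on the server does not change this outcome by itself, because the browser re-attaches cached credentials for the origin the user logged in to, which is why the report notes the PoC works once the user is logged in.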
Next Steps
1️⃣ Visit https://huntr.dev/bounties/1-other-rclone/rclone-webui-react for more advisory information.
2️⃣ Sign-up to validate or speak to the researcher for more assistance.
3️⃣ Propose a patch or outsource it to our community - whoever fixes it gets paid.
Confused or need more help?
Join us on our Discord and a member of our team will be happy to help! 🤗
Speak to a member of our team: @JamieSlome
This issue was automatically generated by huntr.dev - a bug bounty board for securing open source code.