Ticket #1113 (fixed bug)
Vulnerability to rebuild the search index
- Created: 2018-01-27 10:02:25
- Reported by: Visman
- Assigned to: Franz
- Milestone: 1.5.11
- Component: security
- Priority: normal
Message
Hello world :)
[color=#FFFFFF][img]https://fluxbb.org/forums/admin_maintenance.php?action=rebuild&i_per_page=1000000&i_start_at=1[/img][/color]
and the admin starts re-indexing a million messages on the forum
History
Franz 2018-02-07 16:57:36

- Milestone set to 1.5.11.
Nice find.
Sorry, I've been sick, hence the slow reply.
So this means we need a CSRF token on that route as well?
nsuchy 2018-07-17 17:37:22

- Uploaded patch 0001-Patch-rebuild-index-CSRF.patch.
Attached is a .patch file to resolve the issue.
Franz 2018-07-17 21:54:12

- Status changed from open to fixed.
Applied locally. Will push this for the release.
Visman 2018-07-18 04:55:14

The patch will not work.
See the solution for my FluxBB https://github.com/MioVisman/FluxBB_by_ … 474b459d06
nsuchy 2018-07-18 17:01:44

Hi Visman,
We appreciate the feedback on our patch as well as the alternate patch you proposed. Would you mind letting us know why you recommend checking the referer rather than a CSRF token?
Cheers,
Nathaniel
Visman 2018-07-18 17:36:09

I'm not talking about this.
There is a loop that goes through the posts. And every cycle iteration must be protected, not just the form.
Franz 2018-07-18 21:00:17

- Status changed from fixed to open.
@nsuchy: Can you take care of that, please? (Using the token instead of the referrer check.)
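The point raised in this thread, that every iteration of the rebuild cycle needs the token check and not only the form, sketched as an added example (not part of the ticket, the attached patch, or FluxBB's code). `maintenance_token` and `rebuild_step` are hypothetical names, the secret is a constructed value, and the sketch assumes each batch is a separate GET request carrying `i_per_page` and `i_start_at` as in the reported URL.

```php
<?php
// Hypothetical helper: token bound to the admin's session secret and the action.
function maintenance_token(string $sessionSecret, string $action): string
{
    return hash_hmac('sha256', $action, $sessionSecret);
}

// Handle ONE request of the rebuild cycle.
// Returns the URL of the next batch, or null when the request must be refused.
function rebuild_step(array $get, string $sessionSecret): ?string
{
    $expected = maintenance_token($sessionSecret, 'rebuild');
    $supplied = (isset($get['csrf_token']) && is_string($get['csrf_token']))
        ? $get['csrf_token'] : '';

    // Checked on every batch, before any indexing work is done.
    if (!hash_equals($expected, $supplied)) {
        return null;
    }

    $perPage = max(1, (int) ($get['i_per_page'] ?? 0));
    $startAt = max(1, (int) ($get['i_start_at'] ?? 0));

    // ... index posts with id in [$startAt, $startAt + $perPage) here ...

    // The next batch is a fresh GET request, so the token must travel with it.
    return 'admin_maintenance.php?' . http_build_query([
        'action'     => 'rebuild',
        'i_per_page' => $perPage,
        'i_start_at' => $startAt + $perPage,
        'csrf_token' => $expected,
    ]);
}

$secret = 'constructed-session-secret'; // constructed demo value

// Request shaped like the one in the report: no token attached.
$forged = ['action' => 'rebuild', 'i_per_page' => '1000000', 'i_start_at' => '1'];
var_dump(rebuild_step($forged, $secret));

// Form submission by the admin: token present, next-batch URL is returned.
$first = ['action' => 'rebuild', 'i_per_page' => '300', 'i_start_at' => '1',
          'csrf_token' => maintenance_token($secret, 'rebuild')];
$next = rebuild_step($first, $secret);
var_dump($next);

// Second batch with the token stripped from the continuation URL.
parse_str((string) parse_url($next, PHP_URL_QUERY), $second);
unset($second['csrf_token']);
var_dump(rebuild_step($second, $secret));
```

If only the form handler validated the token, a request that jumps straight to a continuation URL (any `i_start_at`) would bypass the check; validating inside the per-batch handler closes that path.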