Cross-site Request Forgery
A Cross-site Request Forgery (CSRF) attack lets an attacker make a logged-in user's browser send a request to a site from another website, so the request is processed with that user's session and privileges.
You can simulate a CSRF vulnerability by having two Joomla! installations on your local development environment, both with com_folio installed. Let's assume your sites are
On your Joomla! 3 site, edit updfolio.php located under /components/com_folio/controllers, and add the following. This function is copied from form.php located under /libraries/legacy/controller, which is the parent class that this controller inherits from. Note the highlighted changes from the original class, where we have commented out the checkToken and some of the access checking.
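For comparison, this is what the controller looks like with the two checks left in place. It is an added example, not code from the com_folio tutorial or from Joomla!; the class name FolioControllerUpdfolio is assumed, and it targets the Joomla! 3 API (JSession::checkToken, JHtml form.token, JUser::authorise).

```php
<?php
// Added example (assumed class name), not the tutorial's own updfolio.php.
defined('_JEXEC') or die;

class FolioControllerUpdfolio extends JControllerForm
{
    public function save($key = null, $urlVar = null)
    {
        // CSRF check: the POST must carry the token that Joomla! put into the
        // form for this session. A cross-site page cannot read that token, so
        // its forged request is rejected here before any state changes.
        if (!JSession::checkToken('post')) {
            jexit(JText::_('JINVALID_TOKEN'));
        }

        // Access check: the token only proves the request came from a form this
        // site rendered for this session, not that the user may edit records.
        $user = JFactory::getUser();
        if (!$user->authorise('core.edit', 'com_folio')) {
            throw new Exception(JText::_('JERROR_ALERTNOAUTHOR'), 403);
        }

        // Parent save() repeats the token check, which is harmless.
        return parent::save($key, $urlVar);
    }
}

// The edit form's template must emit the token as a hidden field, otherwise the
// check above rejects legitimate submissions too:
//   <?php echo JHtml::_('form.token'); ?>
```

Commenting out either block reproduces the behaviour the tutorial describes: without the token check any site can submit the form on the user's behalf, and without the access check the token alone does not enforce who is allowed to save.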