Cross-site Request Forgery
A Cross-site Request Forgery (CSRF) attack allows you to execute code on a site via another website.
You can simulate a CRSF vulnerability by having two Joomla! installations on your local development environment, both with com_folio
installed. Let's assume your sites are http://localhost/joomla3
and http://localhost/joomlatest
.
On your Joomla! 3 site, edit updfolio.php
located under /components/com_folio/controllers
, and add the following. This function is copied from form.php
that is located under /libraries/legacy/controller
, which is the parent class that this controller inherits from. Note the highlighted changes from the original class, where we have commented out the checkToken
and some of the access checking.
Get Learning Joomla! 3 Extension Development - Third Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.