[#25632] - Admin - Can save user detail with invalid / past Registration date using burpsuit.
- Closed
- 22 Sep 2019
- Medium
- Build: 3.9.10
- # 25632
Steps to reproduce the issue
- Start burpsuit and open Joomla admin panel
- Go to the Users list view
- Open any existing registered user for edit.
- Now start burpsuit intercept.
- Now click on the Save button from the user edit page.
- Now check Params in burpsuit and update the date as required.
- Click on Froward button to submit a request.
- Do the forward action 2-3 times and off the Intercept.
- Check the updated record in Joomla admin list
Expected result
The registration date should not accept an invalid/past date and date greater than the last visit date
Actual result
System accept invalid or past Registration date
System information (as much as possible)
PHP Built On Linux lamp134.cloudaccess.net 3.10.0-962.3.2.lve1.5.24.7.el6h.x86_64 #1 SMP Mon Dec 17 12:02:35 EST 2018 x86_64
Database Type mysql
Database Version 5.7.24-cll-lve
Database Collation utf8_general_ci
Database Connection Collation utf8mb4_general_ci
PHP Version 7.1.30
Web Server Apache
WebServer to PHP Interface cgi-fcgi
Joomla! Version Joomla! 3.9.10 Stable [ Amani ] 10-July-2019 15:57 GMT
Joomla! Platform Version Joomla Platform 13.1.0 Stable [ Curiosity ] 24-Apr-2013 00:00 GMT
User Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Additional comments
Votes
joomla-cms-bot
- | Title |
|
||||||
franz-wohlkoenig
- | Labels |
Added:
J3 Issue
|
||
| Status | New | ⇒ | Discussion |
| Status | Discussion | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2019-09-22 03:08:30 |
| Closed_By | ⇒ | Quy |
Duplicate #24780, but just a different way of producing the issue.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/25632.
@AdityaTaware Please test PR #27328
That's because there is no validation in the xml (client side) and there is no validation on that form (server side)