Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Full-disclosure] Remote Command Execution in dotDefender Site Management

From: Andrew Farmer <andfarm () gmail com>
Date: Tue, 1 Dec 2009 09:00:57 -0800
On 30 Nov 2009, at 07:48, John Dos wrote:

After passing the Basic Auth login you can create/delete applications.



If Basic auth is the only protection, isn't dotDefender also vulnerable to XSRF?
Previous By Date Next
Previous By Thread Next

Current thread: