Bugtraq mailing list archives
Re: [Full-disclosure] Remote Command Execution in dotDefender Site Management
From: Andrew Farmer <andfarm () gmail com>
Date: Tue, 1 Dec 2009 09:00:57 -0800
On 30 Nov 2009, at 07:48, John Dos wrote:
After passing the Basic Auth login you can create/delete applications.
If Basic auth is the only protection, isn't dotDefender also vulnerable to XSRF?
Current thread:
- Re: [Full-disclosure] Remote Command Execution in dotDefender Site Management Andrew Farmer (Dec 02)