Multiple CSRF in SimplePHPBlog



SimplePHPBlog
Cross Site Request Forgeries
Tested on v0.4.9

Discovered by: Demential
Web: http://hackish.altervista.org
E-mail: deme [at] hackish [dot] eu
SimplePHPBlog website: http://www.simplephpblog.com/


- posting [img=add_block.php?action=delete&block_id=*] in a comment,
  where * is the ID of a block:
  when the administrator reads the comment,
  block * will be erased.

- posting [img=add_link.php?action=delete&link_id=*] in a comment,
  where * is the ID of a link:
  when the administrator reads the comment,
  link * will be erased.
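
One way to close this class of bug, shown as an added example that is not SimplePHPBlog's own code: the delete action accepts only POST requests carrying a per-session token, so an image fetch (always a GET, and without the token) changes nothing. The handler layout, the csrf_token field name, the redirect target and the delete_block() helper are assumptions for illustration.

```php
<?php
// Added example, not SimplePHPBlog code: a hardened delete handler for a
// script such as add_block.php. Assumes the admin is already authenticated.
session_start();

/** Return the per-session anti-CSRF token, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** True only for a POST whose csrf_token field matches the session's token. */
function csrf_request_is_valid(string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {
        return false; // an [img] tag can only make the browser issue a GET
    }
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    return is_string($sent) && $expected !== '' && hash_equals($expected, $sent);
}

/** Hypothetical stand-in for the application's own delete routine. */
function delete_block(int $id): void
{
    error_log("block $id deleted");
}

// Parameters are read from $_POST only, so query-string values are ignored.
if (($_POST['action'] ?? '') === 'delete') {
    if (!csrf_request_is_valid($_SERVER['REQUEST_METHOD'] ?? 'GET', $_POST, $_SESSION)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token.');
    }
    delete_block((int) ($_POST['block_id'] ?? 0));
    header('Location: index.php'); // hypothetical redirect target
    exit;
}
?>
<!-- Admin page: the delete control is a POST form that carries the token -->
<form method="post" action="add_block.php">
  <input type="hidden" name="action" value="delete">
  <input type="hidden" name="block_id" value="1">
  <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
  <button type="submit">Delete block</button>
</form>
```

The same check applies unchanged to the link deletion in add_link.php.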
