4 matches found
CVE-2008-7193
PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remote attackers to conduct cross-site request forgery CSRF attacks by reading the PHPKITSID parameter from the HTTP Referer and using it in a request to 1 modify the user profile via uploadfiles/include.php or 2 create a new...
Cross site request forgery (csrf)
PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remote attackers to conduct cross-site request forgery CSRF attacks by reading the PHPKITSID parameter from the HTTP Referer and using it in a request to 1 modify the user profile via uploadfiles/include.php or 2 create a new...
CVE-2008-7193
PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remote attackers to conduct cross-site request forgery CSRF attacks by reading the PHPKITSID parameter from the HTTP Referer and using it in a request to 1 modify the user profile via uploadfiles/include.php or 2 create a new...
phpkit-xsrf.txt
PHPKIT 1.6.4 PL1 2 XSRF Vulnerabilites founded by NBBN Vendor: http://www.phpkit.de/ PHPKIT sends in all link in the forum the sessionid via GET. So if an attacker send a link to a victim, for example in a private message, he have the sessionid if he filter the Referer: ::Vulnerabilites: There ar...