43 matches found
Mail.ru: No CSRF token used in Phone Verification POST
When I tried to register in mail.ru,I submitted my phone number and Got a verification code in my phone. During submission of that code,I saw that POST goes without any CSRF tokens.And I identified two other vulnerabilities on that procedure. 1. No Session Verification on server side while...
WordPress Plugin Portable phpMyAdmin - Authentication Bypass
WordPress Plugin Portable phpMyAdmin - Authentication Bypass 'portable-phpMyAdmin WordPress Plugin' Authentication Bypass CVE-2012-5469 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- portable-phpMyAdmin doesn't verify an existing WordPress session...
Network fun online shopping system fashion version 1 0. 3 injection vulnerability-vulnerability warning-the black bar safety net
Network fun online shopping system fashion version 1 0. 3 in the member login to edit an order at the presence ofSQL injection, to cause the administrator password is injected into the storm of the MD5 vulnerability. Vulnerability:file editorderform. asp, the presence ofsql injectionvulnerability...