
csrf attack (General)

by Micha ⌂, Wednesday, June 29, 2011, 06:02 (4705 days ago) @ tcolgan001
edited by Micha, Wednesday, June 29, 2011, 06:14

Hi,

Does anyone have any information on the report of a remote Cross-site Request Forgery (CSRF / XSRF) attack on my little forum?

Yes, it works, but I think it is noncritical because: "A person with admin permissions if visits the site, will automatically create user admin4 with password "newpassword" without warning".

No user or moderator can add a new user, and an admin has to log out. The new user has no admin privileges.

regards
Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences

