csrf attack (General)
Hi,
Does anyone have any information on the report of a remote Cross-site Request Forgery (CSRF / XSRF) attack on my little forum?
Yes, it works but I think it is noncritical because: "A person with admin permissions if visits the site, will automatically creat user admin4 with password "newpassword" without warning".
No user or moderator can add a new user and an admin has to logout. The new user has no admin privileges.
regards
Micha
--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences