csrf attack (General)

by tcolgan001, Tuesday, June 28, 2011, 20:17 (4705 days ago)

Does anyone have any information on the report of a remote Cross-site Request Forgery (CSRF / XSRF) attack on my little forum?

http://osvdb.org/show/osvdb/72470

thanx

Avatar

csrf attack

by Micha ⌂, Wednesday, June 29, 2011, 06:02 (4705 days ago) @ tcolgan001
edited by Micha, Wednesday, June 29, 2011, 06:14

Hi,

Does anyone have any information on the report of a remote Cross-site Request Forgery (CSRF / XSRF) attack on my little forum?

Yes, it works but I think it is noncritical because: "A person with admin permissions if visits the site, will automatically creat user admin4 with password "newpassword" without warning".

No user or moderator can add a new user and an admin has to logout. The new user has no admin privileges.

regards
Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences

csrf attack

by tcolgan001, Wednesday, June 29, 2011, 12:20 (4704 days ago) @ Micha

Thanks Micha

RSS Feed of thread