[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Hijacking Feeds with Feedburner

To: full-disclosure@xxxxxxxxxxxxxxxxx, "Webappsec Mail List" <webappsec@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] Hijacking Feeds with Feedburner
From: "David Kierznowski" <david.kierznowski@xxxxxxxxx>
Date: Wed, 3 Oct 2007 23:30:47 +0100

 The famour Feedsmith Feedburner plugin is vulnerable to a CSRF attack that
can allow an attacker to
completely hijack blog feeds.

Google responded quickly, and a fix is available.

The advisory includes a proof of concept exploit:
http://blogsecurity.net/wordpress/feedburner-feed-hijacking/

--
DK
http://gnucitizen.org/about/dk

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] rPSA-2007-0205-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
Next by Date: [Full-disclosure] rPSA-2007-0206-1 openssl openssl-scripts
Previous by thread: [Full-disclosure] rPSA-2007-0205-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
Next by thread: [Full-disclosure] rPSA-2007-0206-1 openssl openssl-scripts
Index(es):
- Date
- Thread