Cross-site Request Forgery

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cross-site Request Forgery

    I noticed a cross-site request forgery vulnerability in the pics.defcon.org system, nothing too serious at the moment.

    http://dc949.org/dc_pics_csrf.php
    Don't click unless you want a new favorite photo, and a new buddy.

    There also appears to be a problem with the persistent authentication: you can view and add to the favorite pictures list while logged out, though the added favorites are only viewable when logged out. Go figure.
    Last edited by CP99; September 4, 2008, 21:22.

  • #2
    Re: Cross-site Request Forgery

    Originally posted by CP99:
    I noticed a cross-site request forgery vulnerability in the pics.defcon.org system, nothing too serious at the moment.

    http://dc949.org/dc_pics_csrf.php
    Don't click unless you want a new favorite photo, and a new buddy.

    There also appears to be a problem with the persistent authentication: you can view and add to the favorite pictures list, though the added favorites are only viewable when logged out. Go figure.
    Thanks for the report. We'll look into this too. :-)

    -Cot
