lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20061219222727.20996.qmail@securityfocus.com> Date: 19 Dec 2006 22:27:27 -0000 From: info@...nhead.it To: bugtraq@...urityfocus.com Subject: MkPortal Urlobox Cross Site Request Forgery MkPortal Urlobox Cross Site Request Forgery Discovered by: Demential Web: http://www.burnhead.it E-mail: info@...nhead.it Mkportal website: http://www.mkportal.it posting [img]?ind=urlobox&op=delete&idurlo=X[/img] in MkPortal urlobox where X is an ID of a message, when administrator opens urlobox page message X will be erased.