Re: Multiple CSRF in SimplePHPBlog

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Multiple CSRF in SimplePHPBlog
From: "Hanno Böck" <ml@xxxxxxxxx>
Date: Wed, 17 Oct 2007 21:27:35 +0200
In-reply-to: <20071017140055.26933.qmail@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20071017140055.26933.qmail@xxxxxxxxxxxxxxxxx>
User-agent: KMail/1.9.7

Am Mittwoch 17 Oktober 2007 schrieb deme@xxxxxxxxxx:
> SimplePHPBlog
> Cross Site Request Forgeries
> Tested on v0.4.9

What's the purpose on reporting issues on old versions?
I don't know simplephpblog, but a quick look on their page tells me that 
they've released a bunch of security related updates since 0.4.9. Their 
current one is 0.5.1.

-- 
Hanno Böck              Blog:   http://www.hboeck.de/
GPG: 3DBD3B20           Jabber: hanno@xxxxxxxxx

Attachment: signature.asc
Description: This is a digitally signed message part.

References:
- Multiple CSRF in SimplePHPBlog
  - From: deme

Prev by Date: Re: SSH attacks - anyone else seen these?
Next by Date: Re[2]: [Full-disclosure] The Death of Defence in Depth ? - An invitation to Hack.lu
Previous by thread: Multiple CSRF in SimplePHPBlog
Next by thread: Oracle TNS Listener DoS and/or remote memory inspection
Index(es):
- Date
- Thread