[pLog-svn] Fwd: CSRF issue

Reto Hugi reto at lifetype.ch
Tue Jul 13 17:38:53 EDT 2010

On 07/13/2010 08:47 AM, Jon Daley wrote:
> LifeType Cross-Site Request Forgery Vulnerability - Advisories ...
> A vulnerability has been discovered in LifeType, which can be exploited by
> malicious people to conduct cross-site request forgery attacks.
> http://secunia.com/advisories/40514

Hi Jon

It's a sad but old issue. That's why I once started the csrf branch.
I've not done more than implementing the token logic and a proof of
concept. It's still a lot of work until the protection would really work...

But on the other hand: Almost none of the blog tools out there really
protect users from CSRF attacks. At least none I know of.


More information about the pLog-svn mailing list