[pLog-svn] Fwd: CSRF issue
Reto Hugi
reto at lifetype.ch
Tue Jul 13 17:38:53 EDT 2010
On 07/13/2010 08:47 AM, Jon Daley wrote:
> LifeType Cross-Site Request Forgery Vulnerability - Advisories ...
> A vulnerability has been discovered in LifeType, which can be exploited by
> malicious people to conduct cross-site request forgery attacks.
>
> http://secunia.com/advisories/40514
Hi Jon
It's a sad but old issue. That's why I once started the csrf branch.
I've not done more than implementing the token logic and a proof of
concept. It's still a lot of work until the protection would really work...
But on the other hand: Almost none of the blog tools out there really
protect users from CSRF attacks. At least none I know of.
regards,
reto
More information about the pLog-svn
mailing list