Re: [Full-disclosure] Remote Command Execution in dotDefender Site Management

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [Full-disclosure] Remote Command Execution in dotDefender Site Management
From: Andrew Farmer <andfarm@xxxxxxxxx>
Date: Tue, 1 Dec 2009 09:00:57 -0800
Cc: bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>
In-reply-to: <8359c1ba0911300748g32bb69e0ye9c68be97c14e0d0@xxxxxxxxxxxxxx>

On 30 Nov 2009, at 07:48, John Dos wrote:
> After passing the Basic Auth login you can create/delete applications.


If Basic auth is the only protection, isn't dotDefender also vulnerable to XSRF?

References:
- Remote Command Execution in dotDefender Site Management
  - From: John Dos

Prev by Date: 40 vulnerabilities in SMF 1.1.10/SMF 2.0RC2 by elhacker.net (Simple Audit)
Next by Date: [ GLSA 200912-01 ] OpenSSL: Multiple vulnerabilities
Previous by thread: Remote Command Execution in dotDefender Site Management
Next by thread: Re: [Full-disclosure] Remote Command Execution in dotDefender Site Management
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux