[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Remote Command Execution in dotDefender Site Management

To: John Dos <dotdefeater@xxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Remote Command Execution in dotDefender Site Management
From: Andrew Farmer <andfarm@xxxxxxxxx>
Date: Tue, 1 Dec 2009 09:00:57 -0800

On 30 Nov 2009, at 07:48, John Dos wrote:
> After passing the Basic Auth login you can create/delete applications.


If Basic auth is the only protection, isn't dotDefender also vulnerable to XSRF?

References:
- Remote Command Execution in dotDefender Site Management
  - From: John Dos

Prev by Date: 40 vulnerabilities in SMF 1.1.10/SMF 2.0RC2 by elhacker.net (Simple Audit)
Next by Date: Re: ** FreeBSD local r00t zeroday
Previous by thread: Remote Command Execution in dotDefender Site Management
Next by thread: Cacti 0.8.7e: Multiple security issues
Index(es):
- Date
- Thread