#62
06 May 2008, 10:34
Milad

Originally Posted by PaulSonny
Can anyone help me with this problem,

Details of the reported exploit are as follows;

Multiple CSRF Vulnerabilities
=============================

Example
------------------
if ($_REQUEST['do'] == 'deletereply'){
------------------

Because the "delete" command can be executed via a GET request (i.e. URL in a signature), if a user with permission clicks a link that is specifically crafted, it can delete something. CSRF.

This is in my HelpCenter modification. I thought I had covered all CSRF issues, but it seems I may have missed something, and I don't know how to correct it, as I've covered everything from this thread.

Thanks, Paul.

Make it via POST request and use the security token!
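The advice in the reply above (POST request plus a security token), shown against the `deletereply` check from the quoted report, as an added example that is not part of the original thread and is not vBulletin's or the HelpCenter modification's own code. The session-based token, the helper names `csrf_token()` and `csrf_request_ok()`, the `securitytoken` and `replyid` field names and the commented-out `delete_reply()` call are assumptions for illustration; inside vBulletin the token would come from the forum software itself.

```php
<?php
// Added example: stand-alone CSRF guard for a state-changing action.
// Helper names and form field names are assumptions made for this sketch.
session_start();

// Issue one random token per session; every form embeds it in a hidden field.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Accept the action only when it arrives by POST and carries the session's token.
function csrf_request_ok(string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {
        return false; // a URL in a signature or an image tag only produces a GET
    }
    $sent     = $post['securitytoken'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    // hash_equals() compares in constant time; reject arrays and empty tokens first.
    return is_string($sent) && $expected !== '' && hash_equals($expected, $sent);
}

// Before: if ($_REQUEST['do'] == 'deletereply') { ... }  (accepts GET, checks no token)
// After: read the action from $_POST only and verify the token before acting.
$do = $_POST['do'] ?? '';
if ($do === 'deletereply') {
    if (!csrf_request_ok($_SERVER['REQUEST_METHOD'] ?? 'GET', $_POST, $_SESSION)) {
        http_response_code(403);
        exit('Invalid or missing security token.');
    }
    $replyId = (int) ($_POST['replyid'] ?? 0);
    // delete_reply($replyId); // hypothetical: the modification's own delete routine,
    //                            called after its usual permission check
    echo 'Reply ' . $replyId . ' deleted.';
} else {
    // The form that triggers the delete: POST only, token in a hidden field.
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES);
    echo '<form method="post" action="">'
       . '<input type="hidden" name="do" value="deletereply">'
       . '<input type="hidden" name="replyid" value="42">' // constructed sample id
       . '<input type="hidden" name="securitytoken" value="' . $token . '">'
       . '<input type="submit" value="Delete reply"></form>';
}
```

Switching to POST alone is not sufficient, because a third-party page can auto-submit a form; the token check is what ties the request to a page the user's own session rendered.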