Old 06 May 2008, 10:34
Milad
Originally Posted by PaulSonny:
Can anyone help me with this problem,

Details of the reported exploit are as follows;

Multiple CSRF Vulnerabilities

if ($_REQUEST['do'] == 'deletereply'){

Because the "delete" command can be executed via a GET request (i.e. URL in a signature), if a user with permission clicks a link that is specifically crafted, it can delete something. CSRF.

This is in my HelpCenter modification. I thought I had covered all CSRF issues, but it seems I may have missed something, and I don't know how to correct it as I've covered everything from this thread.

Thanks, Paul.
Make it via POST request and use the security token!
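The fix suggested in the reply above, sketched as an added example in plain PHP; it is not vBulletin's or the HelpCenter modification's own code. The function names and the `securitytoken` and `replyid` field names are assumptions, and in a live page `$session` would be `$_SESSION` after `session_start()`.

```php
<?php
// Added example: plain PHP, not vBulletin's or the HelpCenter mod's own code.
// Function names and the 'securitytoken' / 'replyid' fields are assumptions.

// One random token per session, embedded in every state-changing form.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Returns the HTTP status the handler should send; deletes only on 200.
function handle_delete_reply(string $method, array $post, array &$session, callable $delete): int
{
    if ($method !== 'POST') {
        return 405;                 // a link or image URL in a signature sends GET
    }
    $sent = $post['securitytoken'] ?? '';
    if (!is_string($sent) || !hash_equals(csrf_token($session), $sent)) {
        return 403;                 // a cross-site form post cannot know the token
    }
    $delete((int) ($post['replyid'] ?? 0));
    return 200;
}

// Markup for the delete button: POST form plus the hidden token.
function delete_form(int $replyId, array &$session): string
{
    return '<form method="post" action="">'
         . '<input type="hidden" name="do" value="deletereply">'
         . '<input type="hidden" name="replyid" value="' . $replyId . '">'
         . '<input type="hidden" name="securitytoken" value="'
         . htmlspecialchars(csrf_token($session), ENT_QUOTES) . '">'
         . '<input type="submit" value="Delete"></form>';
}

// Constructed requests against an in-memory session and reply store.
$session = [];
$replies = [7 => 'constructed sample reply'];
$delete  = function (int $id) use (&$replies) { unset($replies[$id]); };
$token   = csrf_token($session);

var_dump(handle_delete_reply('GET',  ['replyid' => '7'], $session, $delete));
var_dump(handle_delete_reply('POST', ['replyid' => '7', 'securitytoken' => 'guess'], $session, $delete));
var_dump(handle_delete_reply('POST', ['replyid' => '7', 'securitytoken' => $token], $session, $delete));
var_dump(isset($replies[7]));
```

Reading `do` from `$_POST` instead of `$_REQUEST` in the dispatching `if` keeps a crafted URL from ever reaching the delete branch.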