Not discovered by me.
Tested by some mates on few TBDEV based sites and it worked.
I'm curious how long it takes for t-staffs to fix it :)
Not discovered by me.
Tested by some mates on few TBDEV based sites and it worked.
I'm curious how long it takes for t-staffs to fix it :)
I want to add that CSRF = cross-site request forgery
So (almost) all TBdev-based trackers would be vulnerable to such an attack? Bad news for admins, I guess.Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF ("sea-surf") or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.
"I just remembered something that happened a long time ago."
One tried to report to admins and he god rejected, well, they deserve to get owned with entire of their db leeched and still vulnerable because noone know where is the little hole of it
Reply With Quote
Bookmarks