Network Security: Detailed info on [Full-disclosure] Hijacking Feeds with Feedburner

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

Subject:	[Full-disclosure] Hijacking Feeds with Feedburner
Date:	Wed, 3 Oct 2007 23:30:47 +0100

Subject:

[Full-disclosure] Hijacking Feeds with Feedburner

Date:

Wed, 3 Oct 2007 23:30:47 +0100

The famour Feedsmith Feedburner plugin is vulnerable to a CSRF attack that can allow an attacker to completely hijack blog feeds. Google responded quickly, and a fix is available. The advisory includes a proof of concept exploit: http://blogsecurity.net/wordpress/feedburner-feed-hijacking/ -- DK http://gnucitizen.org/about/dk

_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

<Prev in Thread]	Current Thread	[Next in Thread>
[Full-disclosure] Hijacking Feeds with Feedburner, David Kierznowski <=

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: Owning Big Brother: How to Crack into Axis IP cameras, Adrian P.
Next by Date:	Re: Oracle SQL Injection on orasso reveals ALL_USERS, Michael Alipio
Previous by Thread:	RE: Owning Big Brother: How to Crack into Axis IP cameras, Brooks, Shane
Next by Thread:	Re: Oracle SQL Injection on orasso reveals ALL_USERS, Michael Alipio
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: Owning Big Brother: How to Crack into Axis IP cameras, Adrian P.

Next by Date:

Re: Oracle SQL Injection on orasso reveals ALL_USERS, Michael Alipio

Previous by Thread:

RE: Owning Big Brother: How to Crack into Axis IP cameras, Brooks, Shane

Next by Thread:

Re: Oracle SQL Injection on orasso reveals ALL_USERS, Michael Alipio

Indexes:

[Date] [Thread] [Top] [All Lists]