[Full-disclosure] Hijacking Feeds with Feedburner

David Kierznowski david.kierznowski at gmail.com
Wed Oct 3 23:30:47 BST 2007


The famous Feedsmith Feedburner plugin is vulnerable to a CSRF attack that
can allow an attacker to completely hijack blog feeds.

Google responded quickly, and a fix is available.

The advisory includes a proof of concept exploit:
http://blogsecurity.net/wordpress/feedburner-feed-hijacking/

--
DK
http://gnucitizen.org/about/dk