Ehsan Hosseini Finds CSRF/XSS Bugs in RozBlog and SamenBlog
Hacker and security researcher Ehsan Hosseini of the Ashiyane Digital Security Team has discovered proof-of-concept (PoC) bugs in RozBlog and SamenBlog:
- RozBlog Weblog Service – Authentication Bypass / Cross Site Request Forgery / Cross Site Scripting
- SamenBlog Weblog Service – Cross Site Request Forgery / Cross Site Scripting
CSRF (Cross-Site Request Forgery) is a type of attack that occurs when a malicious website, email, blog or program causes a user's web browser to perform an unwanted action on a trusted site for which the user is currently authenticated.
XSS (Cross-Site Scripting) is a type of computer security vulnerability found in web applications that enables attackers to inject client-side script into web pages viewed by other users.
Authentication bypass: Not all authentication methods are able to provide adequate security, and authentication plays an important role in the security of web applications. It is possible to bypass authentication measures by altering requests and tricking the application into thinking the user is correctly authenticated. This is done by modifying a given URL parameter, by manipulating a web form, or by faking sessions.
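The failure mode described above, as an added example that is not code from RozBlog, SamenBlog or the researcher's advisories: a check that trusts a request parameter, next to one that verifies a server-signed session cookie and a per-session CSRF token. The request layout, the `logged_in` parameter and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Server-side secret; constructed for this example, never sent to the client.
SERVER_KEY = secrets.token_bytes(32)


def _mac(label: str, value: str) -> str:
    """HMAC-SHA256 over a labelled value, so session and CSRF tags differ."""
    msg = f"{label}:{value}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_session(user: str) -> dict:
    """Return the values the server hands out after a successful login."""
    sid = secrets.token_hex(16)
    payload = f"{user}|{sid}"
    return {
        "cookie": f"{payload}|{_mac('session', payload)}",
        "csrf_token": _mac("csrf", sid),  # embedded in the site's own forms
    }


def weak_is_authenticated(request: dict) -> bool:
    """Flawed: trusts a field the client controls (URL or form parameter)."""
    return request.get("params", {}).get("logged_in") == "1"


def verify_request(request: dict):
    """Hardened: return the user name, or None if any check fails."""
    parts = request.get("cookie", "").split("|")
    if len(parts) != 3:
        return None
    user, sid, tag = parts
    # A forged or edited session cookie fails the signature check.
    expected = _mac("session", f"{user}|{sid}")
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    # State-changing requests must carry the CSRF token tied to this session;
    # a cross-site page can make the browser send the cookie but not this value.
    if request.get("method") == "POST":
        sent = request.get("params", {}).get("csrf_token", "")
        if not hmac.compare_digest(sent.encode(), _mac("csrf", sid).encode()):
            return None
    return user
```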
Ehsan gives special thanks for help with RozBlog to:
Bl4ck_mohajem
Alireza
All vulnerabilities found by Ehsan Hosseini are here
Contact: