Ehsan Hosseini Finds CSRF/XSS Bugs in RozBlog and SamenBlog

Hacker and security researcher Ehsan Hosseini of Ashiyane Digital Security Team has discovered proof-of-concept (PoC) bugs in RozBlog and SamenBlog:

CSRF (Cross-Site Request Forgery) is a type of attack that occurs when a malicious website, email, blog or program causes a user's web browser to perform unwanted actions on a trusted site for which the user is currently authenticated.

XSS (Cross-Site Scripting) is a type of computer security vulnerability found in web applications that enables attackers to inject client-side script into web pages viewed by other users.

Authentication bypass: not all authentication methods are able to provide correct security, and authentication plays an important role in the security of web applications. It is possible to bypass authentication measures by altering requests and tricking the application into thinking the request is correctly authenticated. This is done by modifying a given URL parameter, by manipulating a web form, or by faking sessions.

Ehsan gives special thanks for help with RozBlog to:


All vulns found by Ehsan Hosseini are here

