[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Remote Command Execution in dotDefender Site Management



On 30 Nov 2009, at 07:48, John Dos wrote:
> After passing the Basic Auth login you can create/delete applications.


If Basic auth is the only protection, isn't dotDefender also vulnerable to XSRF?