Update: Added a sterilized demo and the source code. CSRF (Cross Site Request Forgery) is considered one of the most widely spread exploits in websites today. I’ve written before about how a legitimate Flash file (swf) can be extremely viral. Few days ago I did a real attack, exploiting »
Update: I’ve posted a real world example of this bug being exploited. This one has the same behavior on IE6, IE7 and IE8 betas. I have only tested this with Flash swf files, but it’s likely that this security is applied and broken the same way, when navigating »
The first part of an hacker’s job would be to gather some information about her target, server, technology and software that runs on the desired target. With Worpress all is needed is viewing the html source to see the “” tag that describes what version of WordPress is currently running »