Shoutbox

XSRF Spam Vulnerability? - Printable Version


XSRF Spam Vulnerability? by Baggins on 08-25-2007 at 04:45 PM

I was thinking as I just subscribed to a thread, subscribe is GET.
So if you have a thread which gets hundreds of replies, I could do

code:
[img]http://shoutbox.menthix.net/usercp2.php?action=subscribe&tid=<tid>[/img]

and by the time someone checked their email, they could have hundreds of crap emails there.

Also wdz, why is the [code] tag so weird

RE: XSRF Spam Vulnerability? by pollolibredegrasa on 08-25-2007 at 04:57 PM

If they were not active on the forums they would only get a couple at most. This post sort of explains it.

Though it might have changed since then, I'm not sure...


RE: XSRF Spam Vulnerability? by Baggins on 08-25-2007 at 05:05 PM

I see.

Thanks, FFC. :)
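
A hardened form of the subscribe action raised in the first post, as an added example that is not the forum's own code: the handler refuses GET and requires a per-session token. The function names, the secret, the session id and the thread id are assumptions constructed for the illustration.

```php
<?php
// Added example: hypothetical subscribe handler, not the forum's real code.
// Only POST may change state, and the request must carry a per-session token.

const SECRET = 'constructed-demo-secret'; // constructed; load from server config in practice

// Token the forum's own pages embed in the subscribe form for a logged-in user.
function csrf_token(string $sessionId, string $action): string
{
    return hash_hmac('sha256', $sessionId . '|' . $action, SECRET);
}

// Returns [HTTP status, message]; subscribes only on a POST with a valid token.
function handle_subscribe(string $method, array $params, string $sessionId, array &$subscriptions): array
{
    if ($method !== 'POST') {
        // A browser loading an [img] URL issues a GET, so that request stops here.
        return [405, 'subscribe requires POST'];
    }
    // POST alone can still be sent cross-site; the token ties the request to the forum's own page.
    $sent = $params['token'] ?? '';
    if (!is_string($sent) || !hash_equals(csrf_token($sessionId, 'subscribe'), $sent)) {
        return [403, 'missing or invalid token'];
    }
    $tid = filter_var($params['tid'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($tid === false) {
        return [400, 'bad thread id'];
    }
    $subscriptions[$tid] = true;
    return [200, "subscribed to thread $tid"];
}

// Constructed requests: what an embedded image triggers versus the forum's own form.
$subs = [];
$session = 'constructed-session-id';
$cases = [
    'GET from [img] tag'    => ['GET',  ['action' => 'subscribe', 'tid' => '123']],
    'POST without token'    => ['POST', ['tid' => '123']],
    'POST with valid token' => ['POST', ['tid' => '123', 'token' => csrf_token($session, 'subscribe')]],
];
foreach ($cases as $label => [$method, $params]) {
    [$status, $msg] = handle_subscribe($method, $params, $session, $subs);
    printf("%-22s -> %d %s\n", $label, $status, $msg);
}
printf("subscriptions: %s\n", json_encode(array_keys($subs)));
```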