889 B
889 B
CVE-2010-3024
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in DiamondList 0.1.6, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration.
POC
Reference
- http://marc.info/?l=bugtraq&m=128104130309426&w=2
- http://packetstormsecurity.org/1008-exploits/diamondlist-xssxsrf.txt
- http://www.exploit-db.com/exploits/14565
Github
No PoCs found on GitHub currently.