WebCalendar 1.2.7 CSRF Bypass
Posted by deepcore on July 6, 2016 – 2:02 am
WebCalendar version 1.2.7 attempts to uses the HTTP Referer to check that requests are originating from same server. However, this can be easily defeated by just not sending a referer.
Post a reply
You must be logged in to post a comment.