SimplePHPBlog

Cross Site Request Forgeries

Tested on v0.4.9


Discovered by: Demential

Web: http://hackish.altervista.org

E-mail: deme [at] hackish [dot] eu

SimplePHPBlog website: http://www.simplephpblog.com/



- Posting [img=add_block.php?action=delete&block_id=*] in a comment,
  where * is the ID of a block: when the administrator reads the
  comment, block * is erased.

- Posting [img=add_link.php?action=delete&link_id=*] in a comment,
  where * is the ID of a link: when the administrator reads the
  comment, link * is erased.
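
A comment-side check for the vector described above, as an added example that is not part of the original advisory or of SimplePHPBlog's code: it scans comment text for [img=...] tags whose target is not a plain image file, such as the add_block.php and add_link.php delete URLs. The function name, extension list, sample comments and numeric IDs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# BBCode image tag in the form the advisory shows: [img=URL]
IMG_TAG = re.compile(r"\[img=([^\]\s]+)\]", re.IGNORECASE)
IMAGE_EXTENSIONS = (".png", ".jpg", ".jpeg", ".gif")  # assumed allow-list


def suspicious_img_targets(comment):
    """Return (url, reason) for each [img=...] target that is not a plain image."""
    findings = []
    for url in IMG_TAG.findall(comment):
        try:
            parts = urlsplit(url)
        except ValueError:
            findings.append((url, "unparseable URL"))
            continue
        params = parse_qs(parts.query, keep_blank_values=True)
        path = parts.path.lower()
        if "action" in params:
            reason = "action=" + params["action"][0]
        elif path.endswith(".php"):
            reason = "target is a script"
        elif parts.query:
            reason = "query string on image URL"
        elif not path.endswith(IMAGE_EXTENSIONS):
            reason = "no image file extension"
        else:
            continue  # looks like an ordinary image reference
        findings.append((url, reason))
    return findings


# Constructed sample comments; the numeric IDs are placeholders.
SAMPLE_COMMENTS = [
    "Nice post! [img=images/cat.png]",
    "hello [img=add_block.php?action=delete&block_id=1]",
    "see [IMG=add_link.php?action=delete&link_id=2] and [img=http://example.org/a.gif]",
]

if __name__ == "__main__":
    for n, text in enumerate(SAMPLE_COMMENTS, 1):
        for url, reason in suspicious_img_targets(text):
            print(f"comment {n}: {url} ({reason})")
```

Filtering comments only narrows this one vector; the delete actions remain forgeable from any other page the administrator visits until they require a per-session token.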
