Comments Security Hole in BlogEngine.NET 1.4 (jvance.com)

submitted by JarrettV (270) 3 years, 7 months ago

Jarrett describes the steps to reproduce a security hole in BlogEngine.NET for deleting and approving comments. He also provides the source code for a quick fix.

4 comments | Views: 155

Comments:

posted by Dexign (170) 3 years, 7 months ago 0

This is at least the second time that someone has documented the exact steps for exploiting a security hole in BlogEngine. Why?? Anyway, looks like a fix has already been posted on CodePlex.


posted by keyvan (4086) 3 years, 7 months ago 0

It would have been better not to produce the steps on how to reproduce it.


posted by duckie (150) 3 years, 7 months ago 0

Excuse me, but IMHO it is nothing more than publicity-whoring to write a post such as this one.

Next time, if you find an exploit, report it to the admin, and give him time to fix it in silence. Thank you.
