This repository contains the setup, exploit and patch for CVE-2009-4092 Simplog CSRF Vulnerability.
The vulnerability exists in the user.php file of Simplog 0.9.3.2, a web application that gives people an easy way to create and maintain a blog on their personal websites. Attackers can use cross-site request forgery (CSRF) to hijack the user authentication process by sending a malicious request to change the password.
Our setup includes an Apache webserver (on localhost) capable of handling PHP pages, and a MySQL database hosted on the same server.
Simplog 0.9.3.2 was created by Jeremy Ashcraft (ashcraft@13monkeys.com). It is free software, released under GNU GPL Licence version 2.0.
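
A common mitigation for the password-change CSRF described above is a per-session synchronizer token, checked before the change is applied. The code below is an added example, not the patch in this repository and not Simplog's own code; the function names, the field names (`csrf`, `current`, `new`) and the plain arrays standing in for `$_SESSION` and `$_POST` are assumptions.

```php
<?php
// Added example with hypothetical names; not Simplog's user.php.
// Plain arrays stand in for $_SESSION and $_POST so it runs from the CLI.

// Issue (or reuse) an unpredictable per-session anti-CSRF token.
function csrf_token(array &$session): string {
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Compare the submitted token with the session copy in constant time.
function csrf_valid(array $session, array $post): bool {
    return isset($session['csrf'], $post['csrf'])
        && is_string($post['csrf'])
        && hash_equals($session['csrf'], $post['csrf']);
}

// Gate a password change: POST only, valid token, current password re-entered.
function may_change_password(string $method, array $session, array $post, string $storedHash): string {
    if ($method !== 'POST') {
        return 'reject: state change must use POST';
    }
    if (!csrf_valid($session, $post)) {
        return 'reject: missing or wrong CSRF token';
    }
    $current = $post['current'] ?? null;
    if (!is_string($current) || !password_verify($current, $storedHash)) {
        return 'reject: current password required';
    }
    return 'accept';
}

// Constructed sample data for the demonstration.
$session = [];
$token   = csrf_token($session);          // embedded in the real form as a hidden field
$hash    = password_hash('old-secret', PASSWORD_DEFAULT);

$crossSite = ['new' => 'x'];              // request from another origin: token unknown
$sameSite  = ['new' => 'new-secret', 'current' => 'old-secret', 'csrf' => $token];

echo may_change_password('POST', $session, $crossSite, $hash), "\n";
echo may_change_password('GET',  $session, $sameSite,  $hash), "\n";
echo may_change_password('POST', $session, $sameSite,  $hash), "\n";
```

Re-entering the current password is an additional check on top of the token: a request that somehow carries a valid token still cannot set a new password without knowing the old one.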