Comments Security Hole in BlogEngine.NET 1.4

Why not join our community?, there are 14 users online

home
asp.net
view story

DotNetKick.com is an open-source project. Please report any bugs and let us know your great suggestions. Currently running svn revision 620 (rss)

Kick Spy!, Kick Zeitgeist and Kick Widgets

11
kicks

kick it

Comments Security Hole in BlogEngine.NET 1.4

published 4 months, 23 days ago, submitted by JarrettV 4 months, 23 days ago

jvance.com — Jarrett describes the steps to reproduce a security hole in BlogEngine.NET for deleting and approving comments. He also provides the source code for a quick fix.

4 comments | category:

ASP.NET | Views: 140 | Get KickIt image code

tags: ASP.NET | tag it

Everyones tags:

Your tags:

Please login or signup.

Add a live kick counter to your blog >> liveImage

You can even customize the image by choosing your own colors, and then clicking the button below to update the preview and the html code:

"Kick It" text
"Kick It" background
kick count text
kick count background
border

Simply copy and paste this HTML into your blog post.

Users who kicked this story:

JarrettV - galiyr -

yesthatmcgurk -

Anheledir -

kayos -

mmikie -

EtienneTremblay -

mdopp -

diamondz - craigtp -

DannyDouglass

Comments:

This is at least the second time that someone has documented the exact steps to exploiting a security hole in BlogEngine. Why?? Anyway, looks like a fix has already been posted on CodePlex.

posted by

Dexign 4 months, 23 days ago

It was better to not produce the steps on how to reproduce it.

posted by

keyvan 4 months, 23 days ago

Get the fix here http://www.codeplex.com/blogengine/Release/ProjectReleases.aspx

posted by

madskristensen 4 months, 23 days ago

Excuse me, but IMHO it is nothing more than publicity-whoring to write a post such as this one.

Next time, if you find a exploit, report it to the admin, and give him time to fix it in silence. Thank you.

posted by

duckie 4 months, 22 days ago