Comments Security Hole in BlogEngine.NET 1.4

Why not join our community?, there are 1 user online

home
asp.net
view story

DNK has a spanking new server up and running like clockwork. Stability problems are a thing of the past. Our new monitoring service reports 100% uptime since the move!

11
kicks

kick it

Comments Security Hole in BlogEngine.NET 1.4

published 11 months, 22 days ago, submitted by JarrettV 11 months, 23 days ago

jvance.com — Jarrett describes the steps to reproduce a security hole in BlogEngine.NET for deleting and approving comments. He also provides the source code for a quick fix.

4 comments | category:

ASP.NET | Views: 143 | Get KickIt image code

Comments Security Hole in BlogEngine.NET 1.4

tags: ASP.NET | tag it

Everyones tags:

Your tags:

Please login or signup.

Add a live kick counter to your blog >> liveImage

You can even customize the image by choosing your own colors, and then clicking the button below to update the preview and the html code:

"Kick It" text
"Kick It" background
kick count text
kick count background
border

Simply copy and paste this HTML into your blog post.

Users who kicked this story:

EtienneTremblay -

mdopp -

yesthatmcgurk -

diamondz -

Anheledir -

kayos -

craigtp -

DannyDouglass - galiyr -

mmikie - JarrettV

Comments:

This is at least the second time that someone has documented the exact steps to exploiting a security hole in BlogEngine. Why?? Anyway, looks like a fix has already been posted on CodePlex.

posted by

Dexign 11 months, 22 days ago

It was better to not produce the steps on how to reproduce it.

posted by

keyvan 11 months, 22 days ago

Get the fix here http://www.codeplex.com/blogengine/Release/ProjectReleases.aspx

posted by

madskristensen 11 months, 22 days ago

Excuse me, but IMHO it is nothing more than publicity-whoring to write a post such as this one.

Next time, if you find a exploit, report it to the admin, and give him time to fix it in silence. Thank you.

posted by

duckie 11 months, 22 days ago