BlogSecurity » Blog Archive » Feedsmith Feedburner vulnerability fixed

Feedsmith Feedburner vulnerability fixed

Filed Under (News, WordPress) by DK on 3 October 2007

The guys at Google have been great and have just released a brand new version of FeedSmith Feedburner (v2.3), after BlogSecurity released an advisory yesterday that allowed an attacker to hijack your feed and thereby your readers.

This does address the vulnerability released on BlogSecurity yesterday.

A random token has been added to the form to prevent CSRF attacks, and after a quick test it seems to work well, however, we have not analysed it in detail as yet.

We suggest you upgrade as soon as possible.

The updated plugin can be downloaded at: http://www.feedburner.com/fb/a/help/wordpress_quickstart

Enjoy the article? Please take a second to: Digg it! | StumbleUpon it!

Comments

BlogSecurity » Hijacking feeds with Feedburner Vulnerability on 3 October, 2007 at 8:52 pm #

[…] Update: 03/10/07: Fixed version released. […]

Feedburner tip: subscribe early, subscribe often, subscribe a million users a time | pacificpelican.us/blog on 6 October, 2007 at 10:25 pm #

[…] read about a Feedburner problem recently–apparently it may be possible that anyone using the Feedsmith plugin (one which […]

Comment

Search site:
Welcome to BlogSecurity
- BlogSec is the only organization that deals with social networking and web blog security exclusively.
- Meet the team
- Post/Read News
Secure WordPress
Recent Posts
What you enjoy on BlogSec
- Latest blog news and projects
- Details of recent vulnerabilities
- BlogSec security projects and related content
- Non-technical and general articles
View Results

Name:
Email:
Website:
Message:

Comments

Welcome to BlogSecurity

Secure WordPress

Recent Posts

What you enjoy on BlogSec

Additional WP Resources

Recent Comments

Posts by Category