- Bug
- Resolution: Duplicate
- Medium
- None
- 2.8
- None
202.47.1.18 - - [19/May/2008:01:19:00 -0500] "GET /pages/removeattachment.action?pageId=685540383&fileName=kermit.jpg&version=1 HTTP/1.1" 200 3603 ...
Kiddies, do you know what happens to bad webapps that use GETs to submit "delete" operations rather than POSTs?
In the night the Big Bad Googlebot comes along clicking every link, ignores the "Do you really want to delete?" JavaScript, and deletes every attachment on the page.
- duplicates
- CONFSERVER-8254 Review GET methods in Confluence to ensure web spiders cannot execute dangerous actions (like removeattachment)
- Gathering Impact
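
An added example, not part of the original report or of Confluence's code: a small Python audit that scans access-log lines in the format quoted in the report for GET requests that reached a destructive-looking action without being rejected, which supports the kind of review the linked issue asks for. The verb list, the crawler pattern and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Common Log Format prefix; whatever follows the byte count (referer, user agent) lands in "rest".
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)(?P<rest>.*)'
)
# Assumptions: verbs that suggest a state change, and substrings typical of crawler user agents.
DESTRUCTIVE = re.compile(r'remove|delete|purge|revoke|disable', re.I)
CRAWLER = re.compile(r'bot|crawler|spider|slurp', re.I)

def audit(lines):
    """Return one finding per GET that reached a destructive-looking action without being rejected."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m['method'] != 'GET':
            continue
        url = urlsplit(m['target'])
        action = url.path.rsplit('/', 1)[-1]
        status = int(m['status'])
        # 4xx/5xx means the server refused or failed; 3xx is kept because it may be a
        # post-action redirect (or a login redirect) and needs a manual look.
        if not DESTRUCTIVE.search(action) or status >= 400:
            continue
        findings.append({
            'ip': m['ip'], 'time': m['ts'], 'action': action, 'status': status,
            'params': {k: v[0] for k, v in parse_qs(url.query).items()},
            'crawler': bool(CRAWLER.search(m['rest'])),
        })
    return findings

# Constructed sample lines: documentation IPs, made-up page ids and user agents.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:01:19:00 +0000] "GET /pages/removeattachment.action'
    '?pageId=1001&fileName=a.jpg&version=1 HTTP/1.1" 200 3603 "-" "ExampleBot/1.0"',
    '192.0.2.11 - - [01/Jan/2024:01:20:00 +0000] "GET /pages/viewpage.action'
    '?pageId=1001 HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '192.0.2.12 - - [01/Jan/2024:01:21:00 +0000] "POST /pages/removeattachment.action'
    ' HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.13 - - [01/Jan/2024:01:22:00 +0000] "GET /pages/removeattachment.action'
    '?pageId=1002&fileName=b.png&version=1 HTTP/1.1" 405 120 "-" "ExampleBot/1.0"',
]

if __name__ == '__main__':
    for f in audit(SAMPLE):
        print(f)
```

Every action name the audit reports is a candidate for being restricted to POST; the `crawler` flag only marks which hits came from a self-identified spider.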