WebCalendar 1.2.7 CSRF Bypass

WebCalendar version 1.2.7 attempts to uses the HTTP Referer to check that requests are originating from same server. However, this can be easily defeated by just not sending a referer.

Leave a Reply