Ouch. I’m going to have to agree with Billy Rios on this one; I’ve also never seen CSRF used to own a box. Each week CSRF attacks are sure to get worse with all the interest in the subject. CSRF issues are everywhere, easy to pull off, and powerful because everything is web-enabled. Check out Rob Carter’s clever 3-step process:
1) Turn on "move completed downloads".
2) Change the path to where downloads are placed, like Windows start up.
3) Force the download of an attacker-controlled batch file.
Wait for reboot.
Clever stuff! Be mindful of your plugins boys and girls.
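From the defender's side, every step above is a state-changing request that a local web interface should refuse when it arrives cross-site. The following is an added example, not code from the post or from any product; the function names and the `token` and `completed_dir` parameters are hypothetical.

```python
import hmac
import ntpath
from urllib.parse import urlsplit

# Per-user and all-users Startup folders both end in this suffix.
AUTOSTART_MARKER = "\\start menu\\programs\\startup\\"

def is_autostart_path(path):
    """True if a Windows path resolves into (or below) a Startup folder."""
    # normpath collapses ".." and "/" so traversal tricks are seen resolved.
    norm = ntpath.normcase(ntpath.normpath(path)) + "\\"
    return AUTOSTART_MARKER in norm

def check_settings_request(method, headers, expected_token, params):
    """Return (allowed, reason) for a request that changes client settings."""
    if method != "POST":
        return False, "settings must not change on GET"
    # Origin (or Referer as fallback) must match the Host the UI is served on.
    origin = headers.get("Origin") or headers.get("Referer") or ""
    if urlsplit(origin).netloc != headers.get("Host"):
        return False, "cross-origin request"
    # Per-session secret that a page on another site cannot read or guess.
    supplied = params.get("token", "").encode()
    if not hmac.compare_digest(supplied, expected_token.encode()):
        return False, "missing or wrong anti-CSRF token"
    # Defence in depth: never let downloads land in an autostart location.
    if is_autostart_path(params.get("completed_dir", "")):
        return False, "download path points at an autostart folder"
    return True, "ok"

# Constructed sample values, for illustration only.
SESSION_TOKEN = "s3ss10n-t0k3n"
SAME_ORIGIN = {"Host": "localhost:8080", "Origin": "http://localhost:8080"}
CROSS_SITE = {"Host": "localhost:8080", "Origin": "http://other.example"}
STARTUP = r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"

if __name__ == "__main__":
    for hdrs, params in [
        (CROSS_SITE, {"completed_dir": STARTUP}),
        (SAME_ORIGIN, {"token": SESSION_TOKEN, "completed_dir": STARTUP}),
        (SAME_ORIGIN, {"token": SESSION_TOKEN, "completed_dir": r"D:\Downloads\done"}),
    ]:
        print(check_settings_request("POST", hdrs, SESSION_TOKEN, params))
```

The path check is a backstop only; the origin and token checks are what stop the forged requests.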