- Posted by ian suttle on May 7, 2008
- Filed under BlogEngine.Net
If you're a blogger you've probably heard of Windows Live Writer. If you're not, please enjoy some of the other posts on my blog :).
Windows Live Writer has been raved over on many a blog. I didn't think it'd work with BlogEngine.Net since it's not listed but alas I was wrong (again).
First impressions require two thumbs up. Writer knows about my blog, how to log in to it, how to edit and publish posts and page, knows my tags, knows my categories, and more. Very impressive.
I must say this couldn't have been so awesome without the BlogEngine.Net team implementing the communication points.
- Posted by Ian Suttle on April 14, 2008
- Filed under BlogEngine.Net
This is serious business if you're running BlogEngine.net.
The exploit allows a user to use the javascript axd to access the user.xml file and display its contents in the browser. If you're eyeballs are jittery right now you've got the right reaction unless you're just highly caffienated and don't mind username and passwords in plain text.
Danny Douglass has a quick fix by replacing the current BlogEngine.Core.dll with his updated version. I'm running the update on this site as a proof of concept of it working.