Drupal CSRF Exploit reported on packetstorm