Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixations, hijacking, lockout, replay, session riding, etc.
Decloaking an internal IP | 1,807 | 4 | lat | 11/24/2009 09:12AM, Last Post by PaPPy
CSRF, problem with HTTP_REFERER | 1,921 | 6 | XaDoS | 11/15/2009 06:19AM, Last Post by Ams
Twitter Clickjacking protection | 2,059 | 1 | stonedyak | 10/06/2009 10:06AM, Last Post by stonedyak
Is it possible to bypass 127.0.0.1 referer check? | 2,373 | 7 | acemutha | 09/29/2009 05:21AM, Last Post by acemutha
Is that a robust defense to csrf by on check the referrer? | 1,603 | 3 | joel | 09/21/2009 07:27AM, Last Post by .mario
PHP-Nuke 8.0 final <= CSRF vuln (add admin user) | 2,503 | 8 | XaDoS | 09/20/2009 11:40PM, Last Post by PaPPy
What does this encoded data look like to you? | 1,798 | 9 | DontHassleHoff | 09/01/2009 01:56AM, Last Post by rvdh
An easy way to avoid GIFARs, etc? | 1,454 | 7 | exesteam | 08/28/2009 02:55PM, Last Post by thrill
Myspace .. maybe..CSRF on it?? | 1,266 | 2 | XaDoS | 08/28/2009 02:41PM, Last Post by PaPPy
CSRF POST forwarding? | 1,383 | 2 | SW | 08/22/2009 10:35AM, Last Post by barbarianbob
Risks of cross-domain without cookies | 1,674 | 5 | riahmatic | 08/04/2009 02:52PM, Last Post by ademix
Hacking CSRF tokens using CSS History Hack | 2,696 | 18 | Inferno | 07/22/2009 11:10AM, Last Post by rvdh
Cross-subdomain Cookies | 1,983 | 8 | clayfox | 07/18/2009 07:00AM, Last Post by kuza55
Reverse Session Fixation Attack | 1,367 | 5 | clayfox | 07/17/2009 01:01PM, Last Post by clayfox
Keeping sessions alive php script | 1,562 | 4 | PaPPy | 07/16/2009 08:17AM, Last Post by kuza55
Nonce evasion | 1,262 | 7 | dragunov | 05/29/2009 12:00PM, Last Post by dragunov
Flash, crossdomain.xml, and pwnage | 2,018 | 3 | hexfortyfive | 05/19/2009 03:41PM, Last Post by Perow
About the actionscript audit | 959 | 3 | ted | 05/06/2009 05:32AM, Last Post by Gareth Heyes
preventing frame busting | 1,510 | 2 | coderrr | 04/27/2009 11:03PM, Last Post by SpoofGhost
Cascading up iframes across domains | 1,011 | 2 | adamN | 04/14/2009 02:57PM, Last Post by Kyo
Dynamic Iframe on IE [SOLVED] | 1,920 | 12 | p0c | 04/07/2009 01:35PM, Last Post by p0c
accept header question | 1,186 | 1 | dwhite | 03/12/2009 02:19PM, Last Post by dwhite
Security of allowing file uploads. | 1,946 | 18 | fjw | 02/01/2009 04:27PM, Last Post by Inferno
question on redirects | 1,216 | 2 | dwhite | 02/01/2009 01:25PM, Last Post by clayfox
InvisionFree cookies | 1,131 | 3 | Slackermanforty40 | 01/30/2009 11:00PM, Last Post by tx
idea for a new type of xsrf | 1,233 | 7 | teen | 01/29/2009 04:56AM, Last Post by holiman
CSRF protection in an overlarge domain | 1,194 | 4 | clayfox | 01/21/2009 03:56PM, Last Post by NickWilliams
Hello Everyone | 969 | 2 | psharma | 01/15/2009 12:00PM, Last Post by id
salted MD5 / SSL / ?? | 1,634 | 22 | gunwant_s | 01/14/2009 07:48AM, Last Post by NickWilliams
Sending a Form POST without URL encoding? | 1,440 | 2 | NewWorldSamurai | 01/10/2009 03:45PM, Last Post by NickWilliams