ha.ckers sla.cking
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For Session, fixations, hijacking, lockout, replay, session riding etc.... 
Great Facebook CSRF Fixed(?)
Posted by: tehryan
Date: April 24, 2007 03:18AM

Facebook has a feature that allows you to rotate your photos. This was done with GET vars and no anti-csrf measures. I was able to use javascript to cause entire albums to flip upside down very easily. I hadn't yet informed Facebook staff, but it seems the issue has been resolved, or at least their approach has changed. Has anyone else looked at this? I haven't had much time yet to really dig into it.

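The pattern the post describes, a state-changing action driven by GET parameters with only the session cookie as authorisation, next to a hardened version of the same endpoint. This is an added illustration, not code from the post, from Facebook, or from whatever fix Facebook actually shipped; the album model, the `Request` class, the session store and the `SITE_ORIGIN` value are all constructed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

# Assumed origin of the legitimate site (hypothetical value for this example).
SITE_ORIGIN = "https://app.example"


@dataclass
class Album:
    """Constructed toy album: photo id -> rotation in degrees."""
    rotations: Dict[str, int] = field(default_factory=lambda: {"p1": 0, "p2": 0})


@dataclass
class Request:
    """Minimal stand-in for the request object a web framework hands to a handler."""
    method: str
    query: Dict[str, str] = field(default_factory=dict)
    form: Dict[str, str] = field(default_factory=dict)
    headers: Dict[str, str] = field(default_factory=dict)
    cookies: Dict[str, str] = field(default_factory=dict)


# Server-side session store: session id -> session data, including the CSRF token.
SESSIONS: Dict[str, Dict[str, str]] = {}


def new_session() -> str:
    """Log a user in: create a session and a per-session synchronizer token."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid


def _parse_degrees(raw: str) -> Optional[int]:
    """Accept only whole-number rotations; None means bad input."""
    try:
        return int(raw)
    except ValueError:
        return None


def _apply_rotation(album: Album, photo: str, degrees: int) -> None:
    album.rotations[photo] = (album.rotations.get(photo, 0) + degrees) % 360


def rotate_vulnerable(album: Album, req: Request) -> int:
    """The pattern in the post: a state change driven by GET query parameters,
    authorised by nothing but the session cookie the browser attaches on its
    own. Any page the logged-in user visits can make the browser issue it."""
    if req.cookies.get("sid") not in SESSIONS:
        return 401
    photo = req.query.get("photo")
    degrees = _parse_degrees(req.query.get("deg", "0"))
    if photo is None or degrees is None:
        return 400
    _apply_rotation(album, photo, degrees)
    return 200


def rotate_hardened(album: Album, req: Request) -> int:
    """Same feature with the standard anti-CSRF measures applied."""
    # 1. Only POST changes state; GET stays side-effect free.
    if req.method != "POST":
        return 405
    # 2. The request must belong to a live session.
    session = SESSIONS.get(req.cookies.get("sid", ""))
    if session is None:
        return 401
    # 3. Synchronizer token: the form must carry the per-session secret, which
    #    a page on another origin cannot read. Constant-time compare on bytes.
    submitted = req.form.get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), session["csrf_token"].encode()):
        return 403
    # 4. Defence in depth: if the browser sent an Origin header, it must be ours.
    origin = req.headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403
    photo = req.form.get("photo")
    degrees = _parse_degrees(req.form.get("deg", "0"))
    if photo is None or degrees is None:
        return 400
    _apply_rotation(album, photo, degrees)
    return 200


if __name__ == "__main__":
    album = Album()
    sid = new_session()
    cross_site_get = Request("GET", query={"photo": "p1", "deg": "180"}, cookies={"sid": sid})
    print("vulnerable handler, cross-site GET:", rotate_vulnerable(album, cross_site_get))
    print("hardened handler, same GET:", rotate_hardened(album, cross_site_get))
    good_post = Request("POST", form={"photo": "p1", "deg": "180",
                                      "csrf_token": SESSIONS[sid]["csrf_token"]},
                        headers={"Origin": SITE_ORIGIN}, cookies={"sid": sid})
    print("hardened handler, same-origin POST with token:", rotate_hardened(album, good_post))
```

The token check is what actually closes the hole: moving the action to POST alone would not, since a cross-site form can still POST. The Origin check is a second layer that also makes the rejected requests easy to spot in logs, which is the kind of signal the reply below refers to.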
Re: Great Facebook CSRF Fixed(?)
Posted by: beNi
Date: April 26, 2007 02:45PM

the delicious guys read their logs, too

