Paid Advertising is
ha.ckers sla.cking
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For Session, fixations, hijacking, lockout, replay, session riding etc.... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
XSRF and Javascript RPCs - feedback please
Posted by: wck
Date: July 18, 2007 06:10PM

I just wrote up a blog post about a couple things I've been thinking about with respects to how a lot of websites that do JS RPC calls are exposing themselves to xsrf disclosures of private data. It's kind of long, but I would be interested to hear people's thoughts on the subject.

tear away, I just wrote it up this evening so I'm sure it's got some stuff wrong in there.

Options: ReplyQuote

Sorry, only registered users may post in this forum.