sla.ckers.org is
ha.ckers sla.cking
Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.
Re: CSRF defend demos
Posted by: Anonymous User
Date: January 04, 2008 03:32AM


Re: CSRF defend demos
Posted by: kirke
Date: January 04, 2008 11:34AM

rsnake Wrote:
> Guesty22, it totally depends on ...

many thanks rsnake for trying so hard to explain the security-by-refer(r)er nonsense ;-)
(as my KISS approach about it failed once more)

> .. since META refresh for instance doesn't send a referrer
at least Opera is known to send the referer for META too (not sure which version and if there is a fix now)
