Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For Session, fixations, hijacking, lockout, replay, session riding etc.... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
CSRF Post without javascript
Posted by: Gareth Heyes
Date: August 23, 2007 03:32PM

Is there a way to do a POST without javascript and without the user knowing?

Options: ReplyQuote
Re: CSRF Post without javascript
Posted by: Gareth Heyes
Date: August 23, 2007 03:49PM

It's ok I think I've found the answer to my own question.

Options: ReplyQuote
Re: CSRF Post without javascript
Posted by: lake2
Date: September 06, 2007 05:23AM

hehe, without js, CSRF can attack

[ http://lake2.0x54.org ]

hi, can u speak chinese ?

Options: ReplyQuote
Re: CSRF Post without javascript
Posted by: Gareth Heyes
Date: September 06, 2007 06:27AM

Yeah if anyone is interested it works by fooling the user to click a link which they think is normal. But the link is really a CSS styled form button (In Firefox). An example can be found here:-

http://www.businessinfo.co.uk/labs/css_attacks/holder.php

Options: ReplyQuote


Sorry, only registered users may post in this forum.