Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For Session, fixations, hijacking, lockout, replay, session riding etc.... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Classical CSRF Worms vs. Ajax
Posted by: Kyo
Date: May 03, 2008 12:52PM

yesterday I released a harmless little worm to sheezyart, mostly to test my enhanced post forcer ( http://wocares.com/epf.php ) which does not send a ref.

Today, I was linked to http://www.xssed.com/article/1/Paper_Anatomy_of_a_Pseudo-Reflective_Worm/ which used Ajax for the worm. I simply wrote a few invisible iframes that lead to my EPF.

Now, I ask you, are there any significant differences, advantages or disadvantages? Which is "better"?`

Options: ReplyQuote


Sorry, only registered users may post in this forum.