Paid Advertising is
ha.ckers sla.cking
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For Session, fixations, hijacking, lockout, replay, session riding etc.... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
InvisionFree cookies
Date: January 29, 2009 07:42PM

Would it be possible to get someones password from a fake page on an invisionfree board?

Let me explain, Say that someone, anyone, on an invisionfree page made a fake page of a topic while they were still logged in with "remember me" active, from that page would you beable to get the password?

Now, don't say its impossable..Because it has actually been done to me in the past..And I have a page with someone else logged in on some board you wouldn't care about.

If you want me to supply the page I will.

Options: ReplyQuote
Re: InvisionFree cookies
Date: January 30, 2009 12:15AM

I assume you are talking about CSRF.

Options: ReplyQuote
Re: InvisionFree cookies
Posted by: tx
Date: January 30, 2009 11:00PM

or just plain phishing.

-tx @

Options: ReplyQuote

Sorry, only registered users may post in this forum.