Sla.ckers.org
Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.

5 years ago
brave_new_world
Well, I posted this on some other forum but no one seemed interested or wanted to talk about it, so here I am, and I would really like to get some feedback about it! I found a (my first) CSRF in tracker.com/takeprofedit.php?email=.... I haven't seen any tracker needing the password or a sid to change the email in the profile. So you can very simply abuse this with a CSRF to change the email and then
Forum: CSRF and Session Info