Sla.ckers.org
Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.

7 years ago
codec
By changing the default mime type in the php.ini, it passes the content type as a jpeg, therefore fooling the browser. This also stops the interpreter from sending the text/html type later on. One application for this would be to have an XSS logger create a \r delimited text file containing snagged cookies. Implode a fread() into an array and pick a random cookie. Construct a spoofed header with
Forum: CSRF and Session Info
7 years ago
codec
I'm not sure if you guys have discussed this or not, but one of the largest flaws in CSRF by way of IMG tags is that the image size must be forced to 0x0 to hide the broken image icon in the browser. The SRC parameter throws up a red flag as well by either referencing a script on another server (<img src="http://evilsite.com/csrf.php" width=0 height=0>) with an extension that isn'
Forum: CSRF and Session Info