Sla.ckers.org
Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. Covers session fixation, hijacking, lockout, replay, session riding, etc.

Results 1 - 3 of 3
6 years ago
kcanis
Umm, pay-per-click ads ... try to find those cheaters, Google :P
Forum: CSRF and Session Info
6 years ago
kcanis
So I see two options, both are pretty much equally as lame:

* Have a captcha the user has to pass to get their fully authed session back. But at that point in time you might as well just ask for a password.
* Support two types of authenticated sessions: fully authed and partially authed. With a partially authed session the user would be prompted again for credentials when they try to
Forum: CSRF and Session Info
6 years ago
kcanis
I have a couple of questions about image tags. I wanna make sure I have this right regarding the attacks associated with img tags from a CSRF and XSS perspective. OK, so let's assume we have a form where users can input a URL to an image in a text area, let's say using an actual '<img>' tag. So the options are: 1. The web app fails to validate the src attribute for the image, allow
Forum: CSRF and Session Info