ha.ckers sla.cking
Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.

6 years ago
I'm researching a possible CSRF vector where the server does NOT URL decode the POST parameters. It looks like the site uses XMLHttpRequest to send the parameters unencoded, but from my understanding, XMLHttpRequest can't be used to send cross domain POSTs. If I make a simple autosubmitting form with enctype="text/plain", then the content-type header is also text/plain, so the app doesn'
Forum: CSRF and Session Info