Sla.ckers.org
Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.

5 years ago
NewWorldSamurai
I'm researching a possible CSRF vector where the server does NOT URL decode the POST parameters. It looks like the site uses XMLHttpRequest to send the parameters unencoded, but from my understanding, XMLHttpRequest can't be used to send cross domain POSTs. If I make a simple autosubmitting form with enctype="text/plain", then the content-type header is also text/plain, so the app doesn'
Forum: CSRF and Session Info