Show all posts by user

sla.ckers.org is
ha.ckers sla.cking

Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For Session, fixations, hijacking, lockout, replay, session riding etc....

Go to: Forum List•Message List•New Topic•Log In

Current Page: 1 of 1

Results 1 - 2 of 2

4 years ago

teen

1. Re: idea for a new type of xsrf

i tried modifying your js and a few things. if you call alert(ctx.getImageData()), you will get the cross domain error. source=ctx.getImageData(); code=1000
Forum: CSRF and Session Info

4 years ago

teen

2. idea for a new type of xsrf

if a website used an image to display any sensitive information, would it be possible to load the image into a html 5 canvas tag, get all the data from it and submit it your server? also, what if you used the canvas tag to pull in a form from another server, what would happen? would it be possible to convert the data back into text and manipulate it via js? thanks
Forum: CSRF and Session Info

Current Page: 1 of 1

Go to: Forum List•Message List•New Topic•Log In