Sla.ckers.org
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.

Results 1 - 2 of 2
4 years ago
bflavor2
A representative from Acunetix said that version 6.5 does not currently support these features. Nessus and Paros don't support it well either. Security through obscurity wins?
Forum: CSRF and Session Info
4 years ago
bflavor2
Hello all, I'm doing a test against an IIS 6 box with session state enabled. Sessions are tracked completely server side by a url like such: websitedotcom/(S(1ngoc045sslvlc45tazuhg45))/AppPages/address/changeaddress.aspx or websitedotcom//(S(j4nd2sjarzlj5ejved0irh2u))/apppages/changeaddress.aspx So each time you visit the site, it's a new URL, also the session state tends to ch
Forum: CSRF and Session Info