Sla.ckers.org
Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables, and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.

7 years ago
woody
The paper outlines how, using an XSS vulnerability in one domain, you can force a user to attack another website with an XSS vulnerability, essentially breaking the same-origin policy. See chapters 4.4 and 4.5 in the paper. True, the concepts of XSS and CSRF aren't new, but combining them in this fashion to instantly get results from your CSRF makes this a much more lethal attack.
Forum: CSRF and Session Info
7 years ago
woody
Two friends of mine, Billy Rios and Raghav Dube, presented a great way to combine XSS and CSRF to break the same domain policy at Black Hat Europe last week. In their presentation they show how to attack other external websites using the victim's machine, and how to attack internal sites that would otherwise be protected by a firewall, using a combination of XSS and CSRF. https://www.blackhat.co
Forum: CSRF and Session Info
7 years ago
woody
A quick Google search on my school revealed a SQL injection on the Foundation page. http://www.google.com/search?hl=en&q=site%3Aucf.edu+Microsoft+OLE+DB+Provider+for+SQL+Server+error I'm hoping they don't store PII and credit card numbers there. I did find another SQL injection point in the admissions page. OUCH!! http://www.admissions.sdes.ucf.edu/apply-now.asp?FirstSub=a The er
Forum: News and Links