Comments on: POST is not enough to prevent CRSF vulnerability, a proof with Reddit http://monkeyget.wordpress.com/2007/03/30/post-is-not-enough-to-prevent-crsf-vulnerability-a-proof-with-reddit/ Thu, 16 Jul 2009 17:26:55 +0000 http://wordpress.com/ hourly 1 By: Tagz | "POST is not enough to prevent CRSF vulnerability, a proof with Reddit « Inane ramblings in the programming landscape" | Comments http://monkeyget.wordpress.com/2007/03/30/post-is-not-enough-to-prevent-crsf-vulnerability-a-proof-with-reddit/#comment-1295 Tagz | "POST is not enough to prevent CRSF vulnerability, a proof with Reddit « Inane ramblings in the programming landscape" | Comments Sat, 16 May 2009 17:07:01 +0000 http://monkeyget.wordpress.com/2007/03/30/post-is-not-enough-to-prevent-crsf-vulnerability-a-proof-with-reddit/#comment-1295 [...] [upmod] [downmod] POST is not enough to prevent CRSF vulnerability, a proof with Reddit « Inane ramblings in the prog... (monkeyget.wordpress.com) 0 points posted 10 months, 1 week ago by jeethu tags webdev security [...] [...] [upmod] [downmod] POST is not enough to prevent CRSF vulnerability, a proof with Reddit « Inane ramblings in the prog… (monkeyget.wordpress.com) 0 points posted 10 months, 1 week ago by jeethu tags webdev security [...]

]]> By: dblackshell http://monkeyget.wordpress.com/2007/03/30/post-is-not-enough-to-prevent-crsf-vulnerability-a-proof-with-reddit/#comment-1284 dblackshell Fri, 11 Jul 2008 14:35:06 +0000 http://monkeyget.wordpress.com/2007/03/30/post-is-not-enough-to-prevent-crsf-vulnerability-a-proof-with-reddit/#comment-1284 dinamic script tags can be used... if it's not a regenerative token http://insanesecurity.wordpress.com/2008/05/29/regenerative-tokens/ dinamic script tags can be used… if it’s not a regenerative token http://insanesecurity.wordpress.com/2008/05/29/regenerative-tokens/

]]> By: Top Posts « WordPress.com http://monkeyget.wordpress.com/2007/03/30/post-is-not-enough-to-prevent-crsf-vulnerability-a-proof-with-reddit/#comment-4 Top Posts « WordPress.com Sat, 31 Mar 2007 23:58:38 +0000 http://monkeyget.wordpress.com/2007/03/30/post-is-not-enough-to-prevent-crsf-vulnerability-a-proof-with-reddit/#comment-4 [...] POST is not enough to prevent CRSF vulnerability, a proof with Reddit Note: CSRF is an attack were a user is logged on site A. Site B contains a malicious page which forces any user loading […] [...] [...] POST is not enough to prevent CRSF vulnerability, a proof with Reddit Note: CSRF is an attack were a user is logged on site A. Site B contains a malicious page which forces any user loading […] [...]

]]> By: Harshad Joshi http://monkeyget.wordpress.com/2007/03/30/post-is-not-enough-to-prevent-crsf-vulnerability-a-proof-with-reddit/#comment-3 Harshad Joshi Sat, 31 Mar 2007 19:10:28 +0000 http://monkeyget.wordpress.com/2007/03/30/post-is-not-enough-to-prevent-crsf-vulnerability-a-proof-with-reddit/#comment-3 Thanks. Thanks.

]]> By: Tiago Serafim http://monkeyget.wordpress.com/2007/03/30/post-is-not-enough-to-prevent-crsf-vulnerability-a-proof-with-reddit/#comment-2 Tiago Serafim Sat, 31 Mar 2007 03:22:17 +0000 http://monkeyget.wordpress.com/2007/03/30/post-is-not-enough-to-prevent-crsf-vulnerability-a-proof-with-reddit/#comment-2 Hi, >An ajax request could also be used. I don't think that an ajax request could be used since the browser'll only do ajax calls for urls from the same domain the script is running. Thanks for the article, Hi,

>An ajax request could also be used.

I don’t think that an ajax request could be used since the browser’ll only do ajax calls for urls from the same domain the script is running.

Thanks for the article,

]]>