barrett778's csrf clipmarks

    Cross-Site Request Forgery (CSRF or XSRF)
    by barrett778  11-27-2007   
     Related to the Firefox / SeaMonkey vulnerability noted in the previous clip. Please see source for excellent examples on how this is done. The Digg example is not well written, but explains well how this is accomplished.
    Firefox / Seamonkey HTTP Referer Vulnerability
    by barrett778  11-27-2007   
     This issue relates to Cross-site Request Forgeries. One countermeasure is for the authenticating web site to check the HTTP Referer header to ensure the request is coming from an authorized site. This vulnerability permitted an attacker to delay the loading of the attack script until the intended (permitted) referring page was loaded, which would circumvent HTTP Referer checks to prevent CSRF. Solution: Update to Firefox 2.0.0.10 and latest version of SeaMonkey. See next post for explanation of CSRF (aka XSRF).