Hey Robin,
You shouldn't worry about GET or POST. A CSRF will happen in both
places. It's just that the GET is easier and more visible.
For a POST you could either use OWASP's CSRF Tester to record and
replay a request. Or you could create an HTML page manually with all
hidden variables and just a button as a POC.
Cheers
Arvind
On Tue, Dec 15, 2009 at 6:27 AM, Robin Wood <dninja (at) gmail (dot) com [email concealed]> wrote:
> Hi
> Can anyone point me at any good papers on doing CSRF through POST
> parameters? I've found some sites with redirect scripts which help
> performing the attack but no good write-ups on different ways to
> perform it.
>
> Robin
>
>
>
> This list is sponsored by Cenzic
> --------------------------------------
> Let Us Hack You. Before Hackers Do!
> It's Finally Here - The Cenzic Website HealthCheck. FREE.
> Request Yours Now!
> http://www.cenzic.com/2009HClaunch_Securityfocus
> --------------------------------------
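The thread above describes the attacker's side: a third-party page that replays a POST with the same hidden fields, relying on the browser to attach the victim's cookie. The following is an added example (not code from Arvind, Robin, or any project they mention) showing what the receiving application must check so that such a replay is rejected while its own forms still work: an Origin/Referer check against the application's host and a per-session synchronizer token carried in a hidden field. `APP_ORIGIN`, `validate_post`, `issue_csrf_token` and the request dicts are assumptions constructed for this illustration; the request format is a plain dict rather than any particular web framework's object.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical application origin; any other Origin/Referer is cross-site.
APP_ORIGIN = "https://app.example"


def issue_csrf_token(session: dict) -> str:
    """Store a fresh per-session synchronizer token and return it.

    The token is emitted into the form as a hidden field. A page on another
    origin cannot read it (same-origin policy), so it cannot include it in
    the hidden variables of a replayed POST.
    """
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def validate_post(request: dict, session: dict) -> tuple[bool, str]:
    """Decide whether a state-changing POST came from our own pages.

    `request` is a constructed dict with keys 'headers' and 'form';
    `session` is the server-side session bound to the request's cookie.
    Two independent checks: the Origin (or Referer) must name our host,
    and the hidden csrf_token field must match the session's token.
    """
    headers = {k.lower(): v for k, v in request.get("headers", {}).items()}
    source = headers.get("origin") or headers.get("referer")
    if not source:
        # Fail closed: a browser-originated form POST carries Origin/Referer.
        return False, "no Origin or Referer header"
    parts = urlsplit(source)
    origin = f"{parts.scheme}://{parts.netloc}"
    if origin != APP_ORIGIN:
        return False, f"cross-site origin {origin}"

    expected = session.get("csrf_token", "")
    supplied = request.get("form", {}).get("csrf_token", "")
    if not expected or not supplied:
        return False, "missing csrf_token"
    # Constant-time comparison so timing cannot leak the token byte by byte.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "csrf_token mismatch"
    return True, "ok"


def demo() -> dict:
    """Run three constructed requests through the check and return verdicts."""
    session: dict = {}
    token = issue_csrf_token(session)

    # 1. Our own form: same origin, hidden field carries the session token.
    legitimate = {
        "headers": {"Origin": APP_ORIGIN},
        "form": {"amount": "100", "to": "acct-42", "csrf_token": token},
    }
    # 2. The POC described in the thread: a page on another origin submits a
    #    form with the same hidden variables. The browser attaches the
    #    victim's cookie, but Origin names the attacker host and the token
    #    is unknown to that page.
    cross_site = {
        "headers": {"Origin": "https://attacker.example"},
        "form": {"amount": "100", "to": "acct-42"},
    }
    # 3. No Origin/Referer at all (for example stripped by a proxy): rejected
    #    rather than guessed, even though the token happens to be right.
    headerless = {
        "headers": {},
        "form": {"amount": "100", "to": "acct-42", "csrf_token": token},
    }

    return {
        "legitimate": validate_post(legitimate, session),
        "cross_site": validate_post(cross_site, session),
        "headerless": validate_post(headerless, session),
    }


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'} ({reason})")
```

The two checks are deliberately independent: the token defeats the hidden-field replay the thread describes, and the Origin check catches a replay even if a token ever leaks, so a deployment can keep the stricter behaviour when one of the signals is unavailable.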