Web Application Security
Re: CSRF through POST
Dec 16 2009 04:37PM
arvind doraiswamy (arvind doraiswamy gmail com)
You shouldn't worry about GET or POST. A CSRF will happen in both
places. It's just that the GET is easier and more visible.
For a POST you could either use OWASP's CSRF Tester to record and
replay a request. Or you could create an HTML page manually with all
hidden variables and just a bu...
Copyright 2010, SecurityFocus