Web Application Security
Re: CSRF through POST
Dec 27 2009 05:55AM
YGN Ethical Hacker Group (lists yehg net)
You can forge an HTTP POST using any feasible browser plugin, such as
Flash (AS), Silverlight, or a Java applet.
Flash is said to be a feasible way to take over a victim's sessions via CSRF.
var req:LoadVars=new LoadVars();
Copyright 2010, SecurityFocus