BugTraq
Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) Dec 11 2008 08:57AM
pUm (hijacka googlemail com) (2 replies)
Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) Dec 11 2008 01:14PM
Sebastian Gottschall (DD-WRT) (s gottschall dd-wrt com) (1 replies)
Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) Dec 11 2008 05:57PM
David E. Thiel (lx redundancy redundancy org)
On Thu, Dec 11, 2008 at 02:14:58PM +0100, Sebastian Gottschall (DD-WRT) wrote:
> all fixed images (for all platforms) are now provided here in our test
> folder

"Fixed" except for people who don't send Referers or for anyone who
browses an SSL site. Lenient Referer checking is not a solution for
CSRF.

[ reply ]
Re: Multiple XSRF in DD-WRT (Remote Root Command Execution) Dec 11 2008 01:07PM
Sebastian Gottschall (DD-WRT) (s gottschall dd-wrt com)


 

Privacy Statement
Copyright 2010, SecurityFocus