[Catalyst] CSRF
Moritz Onken
onken at houseofdesign.de
Tue Sep 30 18:08:21 BST 2008
Am 30.09.2008 um 18:58 schrieb Ashley:
> On Sep 30, 2008, at 9:40 AM, Wade.Stuart at fallon.com wrote:
>> Seems like a cheap way (listing a bunch of frameworks in a security
>> paper) to gain cheap traffic on your paper.
>
> Isn't that how and why white papers are written. :)
>
> I only skimmed the top page but I got the impression that following
> best practices would circumvent (most of?) the exploits. POSTs
> being required to manipulate data, specifically.
>
> -Ashley
From the paper:
"attackers can use POST"
This is possible due to the fact that flash movies can send any
request to a server.
You can achieve this even with a XMLHTTPRequest.
cheers,
moritz
More information about the Catalyst
mailing list