[Catalyst] CSRF

Moritz Onken onken at houseofdesign.de
Tue Sep 30 18:08:21 BST 2008


On 30.09.2008 at 18:58, Ashley wrote:

> On Sep 30, 2008, at 9:40 AM, Wade.Stuart at fallon.com wrote:
>> Seems like a cheap way (listing a bunch of frameworks in a security
>> paper) to gain cheap traffic on your paper.
>
> Isn't that how and why white papers are written. :)
>
> I only skimmed the top page but I got the impression that following
> best practices would circumvent (most of?) the exploits. POSTs
> being required to manipulate data, specifically.
>
> -Ashley

From the paper:

"attackers can use POST"

This is possible due to the fact that flash movies can send any
request to a server.
You can achieve this even with an XMLHttpRequest.

cheers,

moritz
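An added example (not from the thread or from Catalyst itself) illustrating Moritz's point: a handler that only requires POST still accepts a forged cross-site request, because the browser attaches the session cookie to it, while a synchronizer token tied to the session rejects it. The session store, secret, request hashes and function names are all constructed for this illustration.

```perl
#!/usr/bin/env perl
# Added example: "mutations must be POST" is not a CSRF defence; a per-session
# token that a cross-origin page cannot read is. Plain Perl, no Catalyst needed.
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# Constructed placeholders, not real values.
my $SECRET = 'constructed-server-secret';

sub token_for {
    my ($session_id) = @_;
    return sha256_hex("$SECRET:$session_id");   # token bound to the session
}

# Hypothetical in-memory session for a logged-in user.
my %session = ( user => 'alice', csrf_token => token_for('alice-session-id') );

# Defence 1: the "POST required" rule discussed in the thread. Method only.
sub post_only_allows {
    my ($req) = @_;
    return $req->{method} eq 'POST' ? 1 : 0;
}

# Defence 2: synchronizer token. The legitimate form embeds the token; a
# Flash movie or XHR on another origin can send the POST but cannot read
# the token, so it cannot include it.
sub token_check_allows {
    my ($req, $sess) = @_;
    return 0 unless $req->{method} eq 'POST';
    my $sent = defined $req->{params}{csrf_token} ? $req->{params}{csrf_token} : '';
    return constant_time_eq($sent, $sess->{csrf_token});
}

# Compare without leaking the mismatch position through timing.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 unless length $x == length $y;
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Constructed requests: one from the site's own form, one forged cross-site.
my $legit  = { method => 'POST', params => { amount => 10, csrf_token => $session{csrf_token} } };
my $forged = { method => 'POST', params => { amount => 10 } };   # cookie sent, token absent

printf "legit : post-only=%d token=%d\n", post_only_allows($legit),  token_check_allows($legit,  \%session);
printf "forged: post-only=%d token=%d\n", post_only_allows($forged), token_check_allows($forged, \%session);
```

The forged request passes the method-only check and fails the token check, which is the gap the quoted paper's "attackers can use POST" refers to.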
