[Catalyst] CSRF

Ashley apv at sedition.com
Tue Sep 30 18:20:11 BST 2008

On Sep 30, 2008, at 10:08 AM, Moritz Onken wrote:
> "attackers can use POST"
> This is possible due to the fact that flash movies can send any  
> request to a server.
> You can achieve this even with a XMLHTTPRequest.

If scripting is involved that makes it a XSS attack instead, though. No?


More information about the Catalyst mailing list