the report
Freedom to Tinker wrote:
We found four major vulnerabilities on four different sites. These vulnerabilities include what we believe is the first CSRF vulnerability that allows the transfer of funds from a financial institution. We contacted all the sites involved and gave them ample time to correct these issues. Three of these sites have fixed the vulnerabilities listed below, one has not.
<..>
If a user visits an attacker's website, the attacker can force the user's browser to send a request to a page that performs a sensitive action on behalf of the user. The target website sees a request coming from an authenticated user and happily performs some action, whether it was invoked by the user or not.
CSRF Proven Effective
- rustypup
Most people would sooner die than think; in fact, they do so - Bertrand Russell
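The quoted report says the target site sees a request from an authenticated user whether or not the user invoked it. This added example (not part of the thread or the report) shows the server-side check that tells the two apart: a per-session token plus an Origin comparison. The origin `bank.example`, the `csrf_token` field name and the session and form values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed secret for the example; a real site loads it from protected config.
SERVER_KEY = secrets.token_bytes(32)
SITE_ORIGIN = "https://bank.example"  # hypothetical site origin


def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session, embedded only in forms the site itself serves."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def is_forged(session_id: str, method: str, form: dict, headers: dict) -> bool:
    """Return True when a state-changing request must be rejected as cross-site."""
    if method in ("GET", "HEAD", "OPTIONS"):
        return False  # safe methods must not change state, so no token is required
    # Check 1: an Origin header naming another site is rejected outright.
    origin = headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return True
    # Check 2: the browser attaches the session cookie automatically, but a page
    # on another site cannot read the token, so it cannot include a valid one.
    supplied = str(form.get("csrf_token", ""))
    expected = issue_csrf_token(session_id)
    return not hmac.compare_digest(supplied.encode(), expected.encode())


# Constructed requests: both arrive with the same valid session cookie.
SESSION = "constructed-session-id"
LEGIT_FORM = {"to": "savings", "amount": "50", "csrf_token": issue_csrf_token(SESSION)}
CROSS_SITE_FORM = {"to": "elsewhere", "amount": "50"}

if __name__ == "__main__":
    cases = [
        ("own form", LEGIT_FORM, {"Origin": SITE_ORIGIN}),
        ("cross-site, Origin sent", CROSS_SITE_FORM, {"Origin": "https://other.example"}),
        ("cross-site, no Origin", CROSS_SITE_FORM, {}),
    ]
    for label, form, headers in cases:
        verdict = "reject" if is_forged(SESSION, "POST", form, headers) else "accept"
        print(f"{label}: {verdict}")
```

Without the token check, all three requests look identical to the server, because the session cookie is the only credential and the browser supplies it on every request to the site.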
Re: CSRF Proven Effective
Great site thanks puppi
"Integrity" and "integer" both contain a Latin root meaning "whole; complete." The root sense, then, is that people may be said to be acting with integrity when their beliefs, words, and actions have a sense of unity or wholeness.
Re: CSRF Proven Effective
Sweet. This kinda knowledge could get me a job.
thanks pup!
Soon Google will know everything...including how to divide by zero