[WEB SECURITY] what is this attack called?

Brian Eaton eaton.lists at gmail.com
Mon Dec 19 19:27:03 EST 2005

On 12/19/05, Martin Straka <straka at fido.cz> wrote:
> This is Cross Site Request Forgery attack aka CSRF.
> > Anybody have links to further information on this kind of attack?
> http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00216.html
> http://wikipedia.org/wiki/Cross-Site_Request_Forgery
> http://www.securenet.de/papers/Session_Riding.pdf
> http://shiflett.org/archive/90
> http://www.squarefree.com/securitytips/web-developers.html#CSRF

Yes, this is just what I was looking for.  Thanks.

- Brian

The Web Security Mailing List

The Web Security Mailing List Archives

More information about the websecurity mailing list