[WEB SECURITY] Session hijacking via XSS vuln requring POST impossible?
Thierry Zoller
Thierry at Zoller.lu
Mon Dec 18 13:42:37 EST 2006
Dear Holger Peine,
- Flash 8 allows the client to execute POST request
- URL to my website (script=) which does the POST in the name of the
client
It doesn't change much, you just can't send the link as easily or you
have to take a turn around.
--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7
----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
More information about the websecurity
mailing list