[WEB SECURITY] Session hijacking via XSS vuln requring POST impossible?

Thierry Zoller Thierry at Zoller.lu
Mon Dec 18 13:42:37 EST 2006

Dear Holger Peine,

- Flash 8 allows the client to execute POST  request
- URL to my website (script=) which does the POST in the name of the

It doesn't change much, you just can't send the link as easily or you
have to take a turn around.

Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45  2E57 28B3 75DD 0AC6 F1C7

The Web Security Mailing List: 

The Web Security Mailing List Archives: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

More information about the websecurity mailing list