[WEB SECURITY] Session hijacking via XSS vuln requiring POST impossible?

Thierry Zoller Thierry at Zoller.lu
Mon Dec 18 13:42:37 EST 2006


Dear Holger Peine,

- Flash 8 allows the client to execute POST requests
- URL to my website (script=) which does the POST in the name of the
client

It doesn't change much, you just can't send the link as easily or you
have to take a turn around.


-- 
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45  2E57 28B3 75DD 0AC6 F1C7


----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]


