[WEB SECURITY] Csrf - parse for tokens and reuse
Thierry Zoller
Thierry at Zoller.lu
Fri Apr 23 14:39:12 EDT 2010
>Yes absolutely, however if you're tricked to open a local file
>(or utilize a vuln allowing for local zone) then you have other more
>serious problems that can allow for owning the machine rather
>than just the web session.
Agree,
Though aren't chances to get somebody an html file opened
exponentially greater than getting an exe file to open?
--
http://secdev.zoller.lu
Thierry Zoller