[WEB SECURITY] CSRF: Flash + 307 redirect = Game Over
sripathi.krishnan at gmail.com
Thu Feb 10 15:50:56 EST 2011
Thanks for sharing this. I assumed it would be Flash because the RoR team made a
backward-incompatible change to their library to fix this issue.
Michal - I agree Flash should fix this. What's their justification for not
On 11 February 2011 01:41, Michal Zalewski <lcamtuf at coredump.cx> wrote:
> > We see here that the POST request is being sent to www.victim.com, with
> > the additional headers and the POST body. Web server frameworks can no
> > longer rely on the implied security of additional HTTP Request Headers alone
> > to prevent CSRF.
> I think it would be more reasonable to convince Adobe to fix it, than
> to write off this mechanism as an XSRF defense... unfortunately, as I
> understand it, they have been aware of this problem for a while now (> 6
> months), and it's been quasi-public ever since...
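The thread's point is that a framework cannot treat a custom request header such as `X-Requested-With` as proof that a POST came from its own page, because a redirect can carry the header and body to the target site. The following added example (not code from this thread, Rails, or Adobe) contrasts that header-only check with a session-bound synchronizer token, the kind of check the RoR fix moved to. The request dictionaries, the `SECRET_KEY`, the cookie name `session`, and the form field `authenticity_token` are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed for the example; a real application loads this from configuration.
SECRET_KEY = secrets.token_bytes(32)


def header_only_check(request):
    """Weak defense: trusts the mere presence of a custom header.

    This is the assumption the thread says no longer holds, since the
    header can arrive on a request that did not originate from our page.
    """
    return request["headers"].get("X-Requested-With") == "XMLHttpRequest"


def issue_csrf_token(session_id):
    """Derive a synchronizer token bound to the session.

    The token is embedded in our own pages, so a request from a foreign
    origin cannot read it (same-origin policy) and cannot reproduce it.
    """
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def token_check(request):
    """Hardened defense: every state-changing method must carry a valid token,
    regardless of which headers happen to be present."""
    if request["method"] in ("GET", "HEAD", "OPTIONS"):
        return True  # safe methods are exempt; they must not change state
    session_id = request["cookies"].get("session")
    if not session_id:
        return False
    supplied = (request["form"].get("authenticity_token")
                or request["headers"].get("X-CSRF-Token"))
    if not supplied:
        return False
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(expected, supplied)


# Constructed sample requests. The browser attaches the victim's cookie to
# both; only the legitimate one can include the token from our page.
LEGIT_XHR = {
    "method": "POST",
    "cookies": {"session": "sess-123"},
    "headers": {"X-Requested-With": "XMLHttpRequest"},
    "form": {"authenticity_token": issue_csrf_token("sess-123")},
}

# A cross-site POST that reached us carrying the custom header and body,
# as the thread describes, but without a token.
FORGED_POST = {
    "method": "POST",
    "cookies": {"session": "sess-123"},
    "headers": {"X-Requested-With": "XMLHttpRequest"},
    "form": {},
}

SAFE_GET = {"method": "GET", "cookies": {}, "headers": {}, "form": {}}


def evaluate(request):
    """Return (header_only_result, token_result) for side-by-side comparison."""
    return header_only_check(request), token_check(request)


if __name__ == "__main__":
    for name, req in (("legit", LEGIT_XHR), ("forged", FORGED_POST), ("get", SAFE_GET)):
        print(name, evaluate(req))
```

Run as a script, the forged request passes the header-only check and fails the token check, which is exactly the gap the thread describes: the header proves nothing about the request's origin, while the token proves the sender could read a page served under the victim's session.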