Re: [Catalyst] CSRF

Tue, 30 Sep 2008 10:33:27 -0700 

On Sep 30, 2008, at 10:08 AM, Moritz Onken wrote:

"attackers can use POST"
This is possible due to the fact that flash movies can send any request to a server. 
You can achieve this even with a XMLHTTPRequest.


If scripting is involved that makes it a XSS attack instead, though. No?

-Ashley


_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/

Reply via email to