Hello All, I am working on securing an application that uses CDSSO (Cross Domain Single Sign On).
I am trying to reproduce the CSRF (Cross Site Request Forgery) attack (using <img/> TAG) in I.E. 6.01, but am unable to do so. However the attack works on Mozilla and other older browsers. My question: Is I.E. 6.01 SP1 doing something to foil the CSRF attack, i.e. only allow image extensions .gif .png .jpeg????? Regards, Saqib Ali http://validate.sf.net <<< DocBook XML -> XHTML / PDF Convertor