Advanced CSRF and Stateless Anti-CSRF - owasp
When the iframe's DOM is done loading, IFRAME_GETTER.onload() is<br />
var IFRAME_ID = "0", GET_SRC = "http://www.vulnerable.com/some.html?param=1";<br />
Extra easy to <strong>CSRF</strong> since it's done with HTTP GET.<br />
csrfMulti0.ht