Comments on: Cross-Site Request Forgery And You http://phoneboy.com/1559/cross-site-request-forgery-and-you VoIP, Mobile Phones, Telecom, and Technology Made Simple Fri, 22 Aug 2008 01:32:35 +0000 http://wordpress.org/?v=2.6.1 By: cross site forgery - Web - WebCrawler http://phoneboy.com/1559/cross-site-request-forgery-and-you#comment-22081 cross site forgery - Web - WebCrawler Fri, 07 Sep 2007 22:31:45 +0000 http://www.phoneboy.com/node/1559#comment-22081 <!--%kramer-ref-pre%-->[...] ... www.gnucitizen.org/blog/cross-site-request-forgery... [Found on Yahoo! Search] 40. Cross-Site Request Forgery And You What is a Cross-Site Request Forgery? Quoting from the Cross-Site Request Forgery FAQ : Cross [...]<!--%kramer-ref-post%--> Kramer auto Pingback[...] … http://www.gnucitizen.org/blog/cross-site-request-forgery... [Found on Yahoo! Search] 40. Cross-Site Request Forgery And You What is a Cross-Site Request Forgery? Quoting from the Cross-Site Request Forgery FAQ : Cross [...]

]]> By: PhoneBoy http://phoneboy.com/1559/cross-site-request-forgery-and-you#comment-19324 PhoneBoy Mon, 02 Jul 2007 05:36:37 +0000 http://www.phoneboy.com/node/1559#comment-19324 It's very easy for one website to possibly "inject" commands into another, even if they are unable to read cookies or anything like that. The site is simply exploiting the trust relationship between your browser and the web site. It doesn't need to read any cookies or anything like that, it just gets your browser to execute a URL. Of course, this does not preclude the malicious website from exploiting bugs that may cause cookies and the like from getting divulged (think ActiveX exploits), making these attacks even more dangerous. It’s very easy for one website to possibly “inject” commands into another, even if they are unable to read cookies or anything like that. The site is simply exploiting the trust relationship between your browser and the web site. It doesn’t need to read any cookies or anything like that, it just gets your browser to execute a URL.

Of course, this does not preclude the malicious website from exploiting bugs that may cause cookies and the like from getting divulged (think ActiveX exploits), making these attacks even more dangerous.

]]> By: shanX http://phoneboy.com/1559/cross-site-request-forgery-and-you#comment-19309 shanX Sun, 01 Jul 2007 20:32:50 +0000 http://www.phoneboy.com/node/1559#comment-19309 But, newer browsers are powered to protect against these threats, right?? I think a webpage couldnt access another page's session or even data like cookies of other domains.... Without a trojan or something. But, newer browsers are powered to protect against these threats, right??

I think a webpage couldnt access another page’s session or even data like cookies of other domains…. Without a trojan or something.

]]>