Bugtraq mailing list archives
Re: squirrelmail CSRF vulnerability
From: Pavel Kankovsky <peak () argo troja mff cuni cz>
Date: Sun, 13 May 2007 20:14:22 +0200 (CEST)
On Sat, 12 May 2007, Josh Zlatin-Amishav wrote:
On Fri, 11 May 2007, Tim Newsham wrote:This might just be semantics: I wouldn't consider the XSS attack to be a CSRF attack.The point is, if the application is vulnerable to an XSS vulnerability then having a CSRF token wont protect you from a CSRF attack. The attacker could use the XSS vector to steal the CSRF token, much like the Samy worm worked.
Let's have an HTTP server with a buffer overflow vulnerability making it possible to run arbitrary code. We can use the vulnerability to read files outside the document root (perhaps using relative pathnames like "../../../file") but I don't think this means we should call such an attack "a path traversal". --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation."
Current thread:
- squirrelmail CSRF vulnerability p3rlhax (May 10)
- Re: squirrelmail CSRF vulnerability Josh Zlatin-Amishav (May 10)
- Re: squirrelmail CSRF vulnerability Tim Newsham (May 11)
- Re: squirrelmail CSRF vulnerability Josh Zlatin-Amishav (May 12)
- Re: squirrelmail CSRF vulnerability Pavel Kankovsky (May 14)
- Re: squirrelmail CSRF vulnerability Tim Newsham (May 11)
- Re: squirrelmail CSRF vulnerability Josh Zlatin-Amishav (May 10)