WebApp Sec mailing list archives
Re: IE cookie menagment and CSRF
From: lazy <lazy () gwsh gda pl>
Date: Sat, 21 Aug 2004 22:10:10 +0200
Dnia 2004-08-21 21:21, Użytkownik Finite napisał:
The ebay example wouldn't work, of course, since eBay requires you to
damn !! so I won't get rich. I wonder who will but my 199$ matches now? :)
it depends on the config i don't remember changing that but i had it disabled which is not default in 1.7 maybe it was beforeconfirm your bid by clicking a button that POSTs. I'd be surprised if Mozilla didn't send cookies as you describe, since that is the way
now i know why mozilla didn't send them :) In default config it also sends them. So its my bad. So if this schema is widly used it is a flaw in web page if it accept important data as GET requests But still you can't disable this cookies in IE unlike in mozilla or opera. -- lazy
Current thread:
- IE cookie menagment and CSRF lazy (Aug 20)
- Re: IE cookie menagment and CSRF Saqib . N . Ali (Aug 21)
- Re: IE cookie menagment and CSRF lazy (Aug 21)
- Re: IE cookie menagment and CSRF Saqib . N . Ali (Aug 22)
- Re: IE cookie menagment and CSRF lazy (Aug 21)
- Message not available
- Re: IE cookie menagment and CSRF lazy (Aug 22)
- Re: IE cookie menagment and CSRF Finite (Aug 22)
- Re: IE cookie menagment and CSRF lazy (Aug 22)
- Re: IE cookie menagment and CSRF Saqib . N . Ali (Aug 21)