29 blog reactions to http://shiflett.org/blog/2007/jul/csrf-redirector
-
CSRF Redirector
There is also another way to send POST CSRF requests: using CSRF redirectors. Chris Shiflett developed such a CSRF Redirector. It is a GET-to-POST redirector that automatically converts a GET request into a POST. The request format is as follows: http://shiflett.org/csrf.php?csrf=http://site/script
-
CSRF: Attack and Defense
[1] Google GMail E-mail Hijack Technique, http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/ [2] XSS POST Forwarder, http://whiteacid.org/misc/xss_post_forwarder.php [3] CSRF Redirector, http://shiflett.org/blog/2007/jul/csrf-redirector [4] ASP XSS POST Forwarder download (with an HTML version included), http://www.0x54.org/lake2/xss_post_forwarder.zip [5] Source code and compiled swf file download: http://www.0x54.org/lake2/flash/flash_hacking.rar
-
CSRF is the new XSS
Chris Shiflett's CSRF GET to POST converter
-
Web Application Security
DOM Based XSS Explanation of Samy is my Hero worm Fairly old FAQ at CGI Security List of XSS holes in popular web applications CSRF: Introduction from: Wikipedia and here Article by Chris Shiflett and CSRF Redirector test tool CSRF FAQ at CGI Security Array constructor overriding and setter overriding A solution: SameRefererOnly Protecting a JSON or JavaScript Service Blogs: Jeremiah Grossman Chris Shiflett RSnake
-
Web Application Security
DOM Based XSS Explanation of Samy is my Hero worm Fairly old FAQ at CGI Security List of XSS holes in popular web applications CSRF: Introduction from: Wikipedia and here Article by Chris Shiflett and CSRF Redirector test tool CSRF FAQ at CGI Security