Full Disclosure mailing list archives
CSRF-ing “Blogger Classic”
From: pagvac <unknown.pentester () gmail com>
Date: Mon, 22 Jan 2007 23:52:14 +0000
A few days ago, an experiment on hijacking blogs through CSRF attacks was published on GNUCITIZEN. In this particular case, the chosen blogging platform for the experiment was Blogger. Now, a few days later, I can confirm that Google has tokenized the requests that made it possible to hijack a blog in a two-shots attack. More info can be found on the following URL: http://www.gnucitizen.org/blog/csrf-ing-blogger-classic -- pagvac [http://ikwt.com/] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- CSRF-ing “Blogger Classic” pagvac (Jan 22)