Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

CSRF-ing “Blogger Classic”

From: pagvac <unknown.pentester () gmail com>
Date: Mon, 22 Jan 2007 23:52:14 +0000
A few days ago, an experiment on hijacking blogs through CSRF attacks
was published on GNUCITIZEN. In this particular case, the chosen
blogging platform for the experiment was Blogger. Now, a few days
later, I can confirm that Google has tokenized the requests that made
it possible to hijack a blog in a two-shots attack.

More info can be found on the following URL:

http://www.gnucitizen.org/blog/csrf-ing-blogger-classic

-- 
pagvac
[http://ikwt.com/]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: