WebApp Sec mailing list archives
RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
From: "Jay Blanchard" <jay.blanchard () niicommunications com>
Date: Mon, 16 Aug 2004 12:57:23 -0500
[snip] I am working on securing an application that uses CDSSO (Cross Domain Single Sign On). I am trying to reproduce the CSRF (Cross Site Request Forgery) attack (using <img/> TAG) in I.E. 6.01, but am unable to do so. However the attack works on Mozilla and other older browsers. My question: Is I.E. 6.01 SP1 doing something to foil the CSRF attack, i.e. only allow image extensions .gif .png .jpeg????? [/snip] You would have to ask the Microsoft Development Group, who probably does not subscribe to this list. Crossposting is bad. Being OT during a crosspost is even worse. I can hear the falmethrowers warming up in the wings. FYI -> This is (or use to be) a PHP list
Current thread:
- Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Chris Shiflett (Aug 17)
- <Possible follow-ups>
- Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Chris Shiflett (Aug 17)
- RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Jay Blanchard (Aug 17)
- RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Chris Shiflett (Aug 17)
- RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Chris Shiflett (Aug 17)
- Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Octavian Rasnita (Aug 17)
- Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Chris Shiflett (Aug 17)
- Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Octavian Rasnita (Aug 17)
- Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Chris Shiflett (Aug 17)
- RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Vail, Warren (Aug 17)
- RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Ed Lazor (Aug 17)
- RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Michael Silk (Aug 18)