Full Disclosure mailing list archives
Re: XSS + XSRF/CSRF...
From: "Brian Eaton" <eaton.lists () gmail com>
Date: Thu, 15 Feb 2007 08:58:36 -0500
On 2/15/07, pagvac <unknown.pentester () gmail com> wrote:
3. Protect "interesting"/dangerous requests by asking the user for something only he/she knows (i.e.: password)
Careful with that. What about JS keyloggers? Regards, Brian _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- XSS + XSRF/CSRF... Baey (Feb 15)
- Re: XSS + XSRF/CSRF... pagvac (Feb 15)
- Re: XSS + XSRF/CSRF... Brian Eaton (Feb 15)
- Re: XSS + XSRF/CSRF... pagvac (Feb 15)