WebApp Sec mailing list archives

RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1?


From: "Ed Lazor" <Ed.Lazor () d20News com>
Date: Mon, 16 Aug 2004 12:01:16 -0700

What if you add a random seed to the URL?

<img src="http://slashdot.org/my/logout?fluff=<?php echo rand(1,200);?>"
height="1" width="1">



-----Original Message-----
Hello Chris,

I can't share the exact code ;) , but here is something very similar:

<img src="http://slashdot.org/my/logout" height="1" width="1">

If I load a web page with the above code, it should log me out of
slashdot. It works in Mozilla (and Netscape), but not in I.E. 6.01 SP1.
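
Added example, not part of either message in this thread: both <img> tags above send an ordinary GET with the visitor's cookies, with or without the random "fluff" parameter, so the server-side fix is to stop honouring logout on GET. The function names, the csrf_token field and the sample requests below are hypothetical, constructed for illustration (PHP 7 or later).

```php
<?php
declare(strict_types=1);
// Added illustration; hypothetical handler, not Slashdot's or the posters' code.

/** Issue (or reuse) a per-session anti-CSRF token. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/**
 * Decide whether a logout request may proceed.
 * $method is the HTTP method, $post the POST fields, $session the session data.
 */
function logout_allowed(string $method, array $post, array $session): bool
{
    // An <img> tag can only produce a GET, so GET never changes state,
    // whatever query string (random or not) is appended to the URL.
    if ($method !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($expected) || $expected === '' || !is_string($supplied)) {
        return false;
    }
    // A page on another site cannot read the session-bound token;
    // compare in constant time.
    return hash_equals($expected, $supplied);
}

// Constructed requests for illustration.
$session = [];
$token = csrf_token($session);

// Cross-site <img> request, with the random parameter ignored by the server.
var_dump(logout_allowed('GET', [], $session));
// Forged cross-site form that has to guess the token.
var_dump(logout_allowed('POST', ['csrf_token' => 'guess'], $session));
// The site's own logout form, which embeds the session token.
var_dump(logout_allowed('POST', ['csrf_token' => $token], $session));
```

In a real handler the three arguments would be $_SERVER['REQUEST_METHOD'], $_POST and $_SESSION.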


