Hacking PayPal Accounts with one click

posted December 2014

An interesting 0day on PayPal was disclosed by Yasser Ali.

We have found out that an Attacker can obtain the CSRF Auth which can be valid for ALL users, by intercepting the POST request from a page that provides an Auth Token before the Logging-in process, check this page for the magical CSRF Auth " ". At this point the attacker Can CSRF "almost" any request on behalf of this user.

A CSRF attack (Cross-Site Request Forgery) happens when you can send a link to someone (or embed it in an iframe on your website) and it makes the user do something on a particular website (like PayPal) that he didn't intend to do. Or, as the name of the attack says, it makes him send a request you forged from outside the website.

A CSRF token is used to prevent this attack.
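The flaw described above, a CSRF token that validates for every user and can be fetched before logging in, comes down to a token that is not tied to the requesting user's session. The following is an added example, not code from the original post or from PayPal; the function names, the HMAC construction and the session ids are assumptions chosen for illustration. It contrasts a token shared by all visitors with one bound to a session:

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed per-process secret


def _mac(data: str) -> str:
    return hmac.new(SERVER_KEY, data.encode(), hashlib.sha256).hexdigest()


def issue_global_token() -> str:
    """Weak (assumed model of the flaw): one token, identical for every visitor."""
    return _mac("csrf")


def check_global_token(session_id: str, token: str) -> bool:
    # session_id is ignored, so a token fetched by anyone passes for everyone.
    return hmac.compare_digest(_mac("csrf").encode(), token.encode())


def issue_bound_token(session_id: str) -> str:
    """Hardened: a random nonce MACed together with the caller's session id."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id + ':' + nonce)}"


def check_bound_token(session_id: str, token: str) -> bool:
    nonce, sep, mac = token.partition(".")
    if not sep or not nonce or not mac:
        return False  # malformed or missing token
    expected = _mac(session_id + ":" + nonce)
    return hmac.compare_digest(expected.encode(), mac.encode())


def demo() -> dict:
    # Constructed session ids; a real application rotates the id at login,
    # so a token issued to an anonymous session dies with that session.
    outsider_session = secrets.token_hex(16)  # anonymous, pre-login
    victim_session = secrets.token_hex(16)    # authenticated
    return {
        "global_token_passes_for_victim": check_global_token(victim_session, issue_global_token()),
        "outsider_bound_token_passes_for_victim": check_bound_token(victim_session, issue_bound_token(outsider_session)),
        "victim_own_token_passes": check_bound_token(victim_session, issue_bound_token(victim_session)),
        "malformed_token_passes": check_bound_token(victim_session, "no-separator"),
    }


if __name__ == "__main__":
    print(demo())
```

The session-bound check only helps if the session id is regenerated at login; otherwise a token issued to a pre-login session would still match after authentication.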