I don’t usually post non-original content here, but in this case I’ll make an exception 🙂 Here’s one of the things I’ve been working on over in Chromium land: http://blog.
Month: January 2010
I was recently stealing anti-XSRF tokens using the CSS design error I found. In the (unnamed for now) app I was exploiting, all the fun happens in XSRF-protected POST requests with an XML RPC proto
[Or “Logout CSRF” for search indexes; I seem to be addicted to the less common acronym ;-)] Significant? No, of course not. It is a technical integrity violation inflicted upon good.com