I was recently stealing anti-XSRF tokens using the CSS design error I found. In the (unnamed for now) app I was exploiting, all the fun happens in XSRF-protected POST requests with an XML RPC proto
[Or “Logout CSRF” for search indexes; I seem to be addicted to the less common acronym ;-)]Significant? No, of course not. It is a technical integrity violation inflicted upon good.com
Well, here’s a nice little gem for the festive season. I like it for a few distinct reasons:It’s one of those cases where if you look at web standards from the correct angle, you can se
[Aside: I’m not sure anyone cares, particularly because the “block third party cookies” option tends to break legitimate web sites. But I’ll document it just in case :)]Majo