XSS combined with CSRF

    • #1230
      mn_kthompson
      Participant

      I found an interesting article over at the Dark Reading website about a technique that was recently covered at Black Hat Europe. The hack involves combining XSS and CSRF to gain control of a browser and launch attacks against other sites using the user's level of access.

      An example given in the article would be to gain control of a corporate user's browser and then attack corporate servers from inside the firewall.

      http://www.darkreading.com/document.asp?doc_id=120801&WT.svl=news1_4

      If you’re like me, and you’ve never heard of CSRF before, you can read about it in more detail at Wikipedia! http://en.wikipedia.org/wiki/CSRF

    • #12225
      heffnercj
      Participant

      XSS and CSRF are everywhere, and I don’t think that most people are really taking them seriously enough. There are some really awesome XSS attacks that can be done, and as this article shows, when combined with CSRF you aren’t safe from them even if your site has no XSS whatsoever. I’d recommend checking out sla.ckers.org, ha.ckers.org and Jeremiah Grossman’s blog; they all have a lot of cool XSS-related information.


Copyright ©2020 Caendra, Inc.
