[Full-disclosure] CSRF-ing “Blogger Classic”
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] CSRF-ing “Blogger Classic”
- From: pagvac <unknown.pentester@xxxxxxxxx>
- Date: Mon, 22 Jan 2007 23:52:14 +0000
A few days ago, an experiment on hijacking blogs through CSRF attacks
was published on GNUCITIZEN. In this particular case, the chosen
blogging platform for the experiment was Blogger. Now, a few days
later, I can confirm that Google has tokenized the requests that made
it possible to hijack a blog in a two-shot attack.
More info can be found at the following URL:
http://www.gnucitizen.org/blog/csrf-ing-blogger-classic
--
pagvac
[http://ikwt.com/]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/