chr1x pwning teh w0rld - bl0g p0st

       "The computer security is an art form. It's the ultimate martial art."



Submit Date:

"Friday 30th of April 2010 09:09:55 AM"


Thread Title:

"Stealing security tokens with CSRF and XSS attacks"
 

Thread Content:



A few days ago I was reading a very good thread on the WebAppSec list about the use of CSRF and XSS attacks to steal the security tokens created by a web app, so I decided to write a little vulnerable PHP PoC to see "live" how such an attack could be possible.

Last night, my friend hkm successfully pwned the PoC I made. Click on this link to see the solution he provided.

Thanks to hkm, Gaz Heyes, Achim Hoffmann and all the guys on the WebAppSec list. Hope you liked this little piece.

chr1x



                                        Source @ http://chr1x.sectester.net

 

CubilFelino Security Research Lab - 2010
