EHS Blog
More CSRF Redirectors
at 2007-08-12 15:10:20


Today I learned about another CSRF redirector by another group of people in web application security called GNUCITIZEN.


Similar to the previous CSRF redirector, it contains the same XSS vulnerability through the javascript: URI scheme.


Example:

http://www.gnucitizen.org/util/csrf?..._url=javascript:alert(/.../);


Update: The bug is fixed for now...



Blog Source - http://blog.php-security.org/feeds/index.rss
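
Added example, not from the original post or from GNUCITIZEN's code: one way a redirector can validate its target parameter so that `javascript:` URIs are refused, compared with a prefix blocklist that misses obfuscated spellings. It assumes the target ends up in a navigation sink (redirect, link or form action); the function names and sample inputs are hypothetical and constructed for illustration.

```javascript
// Hypothetical validator for a redirector's target parameter (added example).
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Naive check: literal prefix blocklist. Shown only for comparison.
function naiveIsSafe(target) {
  return !target.startsWith("javascript:");
}

// Hardened check: parse the value the way a browser does, then allowlist
// the scheme. Returns the normalized URL, or null if it must be refused.
function safeRedirectTarget(target) {
  if (typeof target !== "string") return null;
  let url;
  try {
    // The WHATWG URL parser trims leading/trailing spaces and control
    // characters, removes tabs and newlines, and lowercases the scheme.
    url = new URL(target);
  } catch {
    return null; // relative or unparsable: no absolute target to accept
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Constructed sample inputs: one legitimate target and several spellings
// of the javascript: scheme that a browser treats identically.
const SAMPLES = [
  "https://example.com/form?a=1",
  "javascript:alert(/x/)",
  "JavaScript:alert(/x/)",
  " javascript:alert(/x/)",
  "java\tscript:alert(/x/)",
];

// Compare both checks on every sample.
function audit(samples) {
  return samples.map((input) => ({
    input: JSON.stringify(input),
    naiveAccepts: naiveIsSafe(input),
    hardenedAccepts: safeRedirectTarget(input) !== null,
  }));
}

console.table(audit(SAMPLES));
```

The allowlist refuses every scheme other than `http:` and `https:`, so it does not depend on enumerating dangerous schemes one by one.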
 

