http://xs-sniper.com/blog/2008/04/21/csrf-pwns-your-box/?utm_source=rss&utm_medium=rss&utm_campaign=csrf-pwns-your-box Thoughts on Security in an Uncivilized World… Fri, 27 Apr 2012 13:53:43 +0000 hourly 1 http://wordpress.org/?v=3.3.2 http://xs-sniper.com/blog/2008/04/21/csrf-pwns-your-box/comment-page-1/#comment-497 UTorrent + CSRF = STALLOWN3D!1 | www.WannaHack.com Mon, 09 Jun 2008 17:59:45 +0000 http://xs-sniper.com/blog/2008/04/21/csrf-pwns-your-box/#comment-497 [...] related article can be found at http://xs-sniper.com/blog/2008/04/21/csrf-pwns-your-box/  Share and Enjoy: These icons link to social bookmarking sites where readers can share and [...] [...] related article can be found at http://xs-sniper.com/blog/2008/04/21/csrf-pwns-your-box/  Share and Enjoy: These icons link to social bookmarking sites where readers can share and [...]

]]> http://xs-sniper.com/blog/2008/04/21/csrf-pwns-your-box/comment-page-1/#comment-431 Awesome AnDrEw Thu, 24 Apr 2008 13:30:04 +0000 http://xs-sniper.com/blog/2008/04/21/csrf-pwns-your-box/#comment-431 Beautifully orchestrated example of how Cross-Site Request Forgeries are often more useful than Cross-Site Scripting alone. This was a very clever method for manipulating the client, and possibly gaining persistent access to the victim's computer. This demonstration, and the one to snare GMail accounts, have really impressed me and should cause developers to realize why these issues are so important. On a side note: uTorrent sucks. Beautifully orchestrated example of how Cross-Site Request Forgeries are often more useful than Cross-Site Scripting alone. This was a very clever method for manipulating the client, and possibly gaining persistent access to the victim’s computer. This demonstration, and the one to snare GMail accounts, have really impressed me and should cause developers to realize why these issues are so important. On a side note: uTorrent sucks.

]]> http://xs-sniper.com/blog/2008/04/21/csrf-pwns-your-box/comment-page-1/#comment-430 Sad panda Thu, 24 Apr 2008 12:52:31 +0000 http://xs-sniper.com/blog/2008/04/21/csrf-pwns-your-box/#comment-430 but it does require admin rights to write to %allusersprofile%, and who would run p2p apps as admin? but it does require admin rights to write to %allusersprofile%, and who would run p2p apps as admin?

]]> http://xs-sniper.com/blog/2008/04/21/csrf-pwns-your-box/comment-page-1/#comment-427 Austoon Daily » CSRF pwns your box?!?! Tue, 22 Apr 2008 14:59:12 +0000 http://xs-sniper.com/blog/2008/04/21/csrf-pwns-your-box/#comment-427 [...] CSRF pwns your box?!?! [...] [...] CSRF pwns your box?!?! [...]

]]> http://xs-sniper.com/blog/2008/04/21/csrf-pwns-your-box/comment-page-1/#comment-425 pbnetworks » Blog Archive » Computer takeover via cross site request forgery Mon, 21 Apr 2008 22:02:02 +0000 http://xs-sniper.com/blog/2008/04/21/csrf-pwns-your-box/#comment-425 [...] expert Billy Rios has reported a vulnerability that Rob Carter discovered in the Web UI of the popular µTorrent [...] [...] expert Billy Rios has reported a vulnerability that Rob Carter discovered in the Web UI of the popular µTorrent [...]

]]>