Another example of CSRF - in CSS

Mar 5, 2009 css javascript security

Just saw this really cool example get submitted on one of my websites testing for CSRF:

#logo{background:url(deletepost.process.php?id=12345&userID=12345);

Just another great example of why you should:

  1. not use GET for irreversible changes

  2. filter filter filter! (I edited that posting, it was filtered by my script already…)
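
Both points as an added JavaScript example (not code from the original post or the site it describes): a filter that flags user-submitted CSS that would make the browser fetch a URL, and a handler check that lets the delete run only on POST. The function names, the request/session object shapes and the `csrfToken` field are assumptions, and the token check goes one step beyond what the post states.

```javascript
// Added example; function names and object shapes are assumptions.

// Conservative normalization before matching: drop comments, decode CSS
// escapes (e.g. "\72" is "r"), lowercase.
function normalizeCss(css) {
  return css
    .replace(/\/\*[\s\S]*?\*\//g, '')
    .replace(/\\([0-9a-fA-F]{1,6})\s?/g, (_, hex) => {
      const cp = parseInt(hex, 16);
      return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : '\ufffd';
    })
    .replace(/\\([^\n])/g, '$1')
    .toLowerCase();
}

// Constructs that make a browser issue a GET when the style is applied.
const FETCHING = [/url\s*\(/, /@import/, /image-set\s*\(/];

// Point 2 (filter): true if user-submitted CSS would trigger a request.
function cssFetchesResource(css) {
  const norm = normalizeCss(css);
  return FETCHING.some((re) => re.test(norm));
}

// Point 1 (no GET for irreversible changes): the delete handler acts only
// on POST carrying the session's token (hypothetical field csrfToken).
function mayDeletePost(req, session) {
  const sent = req.body && req.body.csrfToken;
  return req.method === 'POST' &&
    typeof sent === 'string' && sent.length > 0 &&
    sent === session.csrfToken;
}

// Constructed inputs: the rule from the post, and the request it causes.
const submitted = '#logo{background:url(deletepost.process.php?id=12345&userID=12345);}';
const cssTriggered = { method: 'GET', query: { id: '12345', userID: '12345' }, body: {} };
const session = { csrfToken: 'constructed-sample-token' };

console.log('filter flags submitted CSS:', cssFetchesResource(submitted));
console.log('GET from CSS may delete:', mayDeletePost(cssTriggered, session));
```

A request caused by a stylesheet is always a bodiless GET, so it can never satisfy `mayDeletePost`, even if the filter misses a rule.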
