Another example of CSRF - in CSS

This post is more than 18 months old. Since technology changes to rapidly, this content may be out of date (but that's not always the case). Please remember to verify any technical or programming information with the current release.

Just saw this really cool example get submitted on one of my websites testing for CSRF:

#logo{background:url(deletepost.process.php?id=12345&userID;=12345);

Just another great example of why you should

1) not use GET for irreversible changes

2) filter filter filter! (I edited that posting, it was a filtered by my script already…)

Return to All Posts

or use RSS