XSRF - cross-site request forgery (was: Keyurbsorathia wants to share Favorites with you)

25 Oct 2007 - 8:16pm
Omri Eliav
2004

(Maybe not the right list... but good to know)
It is actually a minor case of an XSRF attack (cross-site request forgery).

The link above is a Google search, but it might have been "transfer X
amount of money to Y". That of course will work if your bank is
stupid enough (some are) to allow *significant and predictable*
actions by HTTP request, and you happen to be logged into your bank
account (in a different tab, maybe?).

This attack is "statistical", but an attacker can send an endless number
of emails (maybe he collected ours too ;-)

How many of you use a top 5 seller Wi-Fi router?
Do you use the default IP?
Have you changed the default Username/Password?
I think I can lead some of you to grant me permission into your
network...

My grandpa used to say: "be careful where you click"

- Omri

On Oct 24, 2007, at 11:54 AM, Gajendra Agrawal wrote:

> I think this is a result of misleading design. These are cheap, tricky
> methods to get a larger user base and, eventually, more traffic and money.
> Finally, users land up in embarrassing situations like this. This
> invitation might go to your VP, girlfriend, father, etc., because people
> have all kinds of email addresses in their address book. Like Keyur sent
> this to IXDA and some other mailing list. :(
