[UPHPU] receiving with $_REQUEST

Joshua Simpson std3rr at gmail.com
Thu Feb 28 16:52:48 MST 2008


On Thu, Feb 28, 2008 at 3:48 PM, Wade Preston Shearer <lists at wadeshearer.com>
wrote:

>
> It doesn't need to be XMLHttpRequest(). You can just use javascript to
> submit a form which posts to a script which uses curl to post to the
> shopping cart script. <http://irc.freenode.net>


You defeat the purpose of CSRF by going outside the domain to use the
script. CSRF attacks go after already applied authentication by using it
against the user (using their security auth to do something malicious).



-- 
-
http://stderr.ws/
"Insert pseudo-insightful quote here." - Some Guy

