Cross-site request forgery
Posted Oct 18, 2007 10:56 UTC (Thu) by rwmj
Parent article: Cross-site request forgery
Not sure about "sleeping giant". CSRF is routinely used to exploit
home ADSL routers, with requests of the form
http://192.168.2.1/firewall.cgi?disable. With a trivial extra image you can also pick up the exploited user's public IP address.
to post comments)