Posted Oct 18, 2007 11:32 UTC (Thu) by skx (subscriber, #14652)
Parent article: Cross-site request forgery
I wrote about this previously here:
http://www.debian-administration.org/articles/465
Whilst the main diagnosis of GET/POST abuse is correct, it is still possible to submit forms
via POST with a little user action. Consider a form which is hidden and a link which has
'onClick=form.submit()', for example.
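
The point made in the comment above, shown from the server's side as an added example that is not part of the original comment: a handler that only insists on POST accepts a cross-site form submission, while one that also requires a per-session token does not. The token check is one common mitigation and is an assumption here; the names `methodOnlyCheck`, `tokenCheck`, `sid` and `csrf_token` are hypothetical, and the requests and sessions are constructed samples.

```javascript
// Constant-time string comparison so the check does not leak how many
// leading characters of a guessed token were correct.
function safeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Weak check: "state changes must use POST". A form submitted from another
// site is also a POST and carries the session cookie, so it passes.
function methodOnlyCheck(req) {
  return req.method === 'POST';
}

// Hardened check: POST plus a token that was stored in the server-side
// session and embedded in the site's own form. A page on another origin
// cannot read that token, so its submission lacks a matching value.
function tokenCheck(req, sessions) {
  if (req.method !== 'POST') return false;
  const session = sessions.get(req.cookies.sid);
  if (!session) return false;
  return safeEqual(req.body.csrf_token, session.csrfToken);
}

// Constructed sample data. In a real application the token comes from a
// CSPRNG and is generated per session.
const sessions = new Map([['sess-1', { user: 'alice', csrfToken: 'constructed-token-4f9a1c' }]]);

// Submitted from the site's own form: cookie and token both present.
const sameSitePost = {
  method: 'POST', cookies: { sid: 'sess-1' },
  body: { action: 'delete', csrf_token: 'constructed-token-4f9a1c' },
};
// Submitted from a form on another site: the browser attaches the cookie,
// but the foreign page could not supply the token.
const crossSitePost = {
  method: 'POST', cookies: { sid: 'sess-1' },
  body: { action: 'delete' },
};

function evaluate() {
  return {
    weakAcceptsCrossSite: methodOnlyCheck(crossSitePost),
    hardenedAcceptsCrossSite: tokenCheck(crossSitePost, sessions),
    hardenedAcceptsSameSite: tokenCheck(sameSitePost, sessions),
  };
}
```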