BIROn - Birkbeck Institutional Research Online

    (C)SRF one-time token bypass using AJAX and XSS

Eve, Martin Paul (2007) (C)SRF one-time token bypass using AJAX and XSS. martineve.com.

Text: 2007-05-24-csrf-one-time-token-bypass-using-ajax-and-xss.markdown - Published Version of Record
Available under License Creative Commons Attribution.


    Abstract

This morning I knocked up some proof of concept code to illustrate the retrieval of one-time authentication tokens. The situation in which this is handy is when a site follows best practices and implements a one-time authentication token, but is vulnerable to an XSS attack.

    Metadata

    Item Type: Article
    School: Birkbeck Schools and Departments > School of Arts > English and Humanities
    Research Centre: Contemporary Literature, Centre for
    Depositing User: Martin Paul Eve
    Date Deposited: 20 Nov 2016 12:08
    Last Modified: 07 Dec 2016 15:38
    URI: http://eprints.bbk.ac.uk/id/eprint/16798
