(C)SRF one-time token bypass using AJAX and XSS
Eve, Martin Paul (2007) (C)SRF one-time token bypass using AJAX and XSS. martineve.com.
2007-05-24-csrf-one-time-token-bypass-using-ajax-and-xss.markdown - Published Version
Available under License Creative Commons Attribution.
This morning I knocked up some proof of concept code to illustrate the retrieval of one-time authentication tokens. The situation in which this is handy is when a site follows best practices and implements a one-time authentication token, but is vulnerable to a XSS attack.
| School: | Birkbeck Schools and Departments > School of Arts > English and Humanities |
| Research Centre: | Contemporary Literature, Centre for |
| Depositing User: | Martin Paul Eve |
| Date Deposited: | 20 Nov 2016 12:08 |
| Last Modified: | 07 Dec 2016 15:38 |