BIROn - Birkbeck Institutional Research Online

    (C)SRF one-time token bypass using AJAX and XSS

    Eve, Martin Paul (2007) (C)SRF one-time token bypass using AJAX and XSS.

    Text
    2007-05-24-csrf-one-time-token-bypass-using-ajax-and-xss.markdown - Published Version of Record
    Available under License Creative Commons Attribution.



    This morning I knocked up some proof of concept code to illustrate the retrieval of one-time authentication tokens. The situation in which this is handy is when a site follows best practices and implements a one-time authentication token, but is vulnerable to an XSS attack.


    Item Type: Article
    School: Birkbeck Faculties and Schools > Faculty of Humanities and Social Sciences > School of Creative Arts, Culture and Communication
    Research Centres and Institutes: Contemporary Literature, Centre for
    Depositing User: Martin Eve
    Date Deposited: 20 Nov 2016 12:08
    Last Modified: 24 Aug 2023 13:55

