BIROn - Birkbeck Institutional Research Online

    (C)SRF one-time token bypass using AJAX and XSS

    Eve, Martin Paul (2007) (C)SRF one-time token bypass using AJAX and XSS. eve.gd ,

    [img] Text
    2007-05-24-csrf-one-time-token-bypass-using-ajax-and-xss.markdown - Published Version of Record
    Available under License Creative Commons Attribution.

    Download (1kB)

    Abstract

    This morning I knocked up some proof of concept code to illustrate the retrieval of one-time authentication tokens. The situation in which this is handy is when a site follows best practices and implements a one-time authentication token, but is vulnerable to a XSS attack.

    Metadata

    Item Type: Article
    School: Birkbeck Faculties and Schools > Faculty of Humanities and Social Sciences > School of Creative Arts, Culture and Communication
    Research Centres and Institutes: Contemporary Literature, Centre for
    Depositing User: Martin Eve
    Date Deposited: 20 Nov 2016 12:08
    Last Modified: 24 Aug 2023 13:55
    URI: https://eprints.bbk.ac.uk/id/eprint/16798

    Statistics

    Activity Overview
    6 month trend
    97Downloads
    6 month trend
    280Hits

    Additional statistics are available via IRStats2.

    Archive Staff Only (login required)

    Edit/View Item Edit/View Item