(C)SRF one-time token bypass using AJAX and XSS
Eve, Martin Paul (2007) (C)SRF one-time token bypass using AJAX and XSS. martineve.com.
Text: 2007-05-24-csrf-one-time-token-bypass-using-ajax-and-xss.markdown - Published Version of Record. Available under License Creative Commons Attribution.
Official URL: https://www.martineve.com/2007/05/24/csrf-one-time...
Abstract
This morning I knocked up some proof of concept code to illustrate the retrieval of one-time authentication tokens. The situation in which this is handy is when a site follows best practices and implements a one-time authentication token, but is vulnerable to an XSS attack.
Metadata
| Item Type: | Article |
|---|---|
| School: | School of Arts > English, Theatre and Creative Writing |
| Research Centres and Institutes: | Contemporary Literature, Centre for |
| Depositing User: | Martin Eve |
| Date Deposited: | 20 Nov 2016 12:08 |
| Last Modified: | 07 Dec 2016 15:38 |
| URI: | https://eprints.bbk.ac.uk/id/eprint/16798 |