[Esapi-user] cross-site request forgery (CSRF) attack
Kevin W. Wall
kevin.w.wall at gmail.com
Fri Apr 9 22:50:42 EDT 2004
On Tue, Aug 23, 2011 at 2:40 AM, ashish kumar gautam
<gautamashishkumar at gmail.com> wrote:
> i am not able to create csrftoken and find the following error message .
> [Tue Aug 23 11:47:29 IST 2011] [Error] potential cross-site request forgery
> (CSRF) attack thwarted (user:<anonymous>, ip:0:0:0:0:0:0:0:1,
> uri:/csrfgurdtest/tag.jsp, error:required token is missing from the request)
> [Tue Aug 23 11:47:29 IST 2011] [Info] CsrfGuard skipping redirect token
> injection for location /Owasp.CsrfGuard.Test/error.html
We are not going to be able to help you if you don't describe the
context of what
you are trying to do and at least show us a code snippet of HOW you
are attempting to
And also, are you using OWASP CSF Guard (a separate OWASP project) or ESAPI?
And, if ESAPI, what version?
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents." -- Nathaniel Borenstein
More information about the Esapi-user