[Esapi-user] cross-site request forgery (CSRF) attack

Kevin W. Wall kevin.w.wall at gmail.com
Fri Apr 9 22:50:42 EDT 2004


On Tue, Aug 23, 2011 at 2:40 AM, ashish kumar gautam
<gautamashishkumar at gmail.com> wrote:
> hi.....
> i am not able to create csrftoken and find the following error message .
>
>
> [Tue Aug 23 11:47:29 IST 2011] [Error] potential cross-site request forgery
> (CSRF) attack thwarted (user:<anonymous>, ip:0:0:0:0:0:0:0:1,
> uri:/csrfgurdtest/tag.jsp, error:required token is missing from the request)
> [Tue Aug 23 11:47:29 IST 2011] [Info] CsrfGuard skipping redirect token
> injection for location /Owasp.CsrfGuard.Test/error.html

Ashish,
We are not going to be able to help you if you don't describe the
context of what
you are trying to do and at least show us a code snippet of HOW you
are attempting to
do it.

And also, are you using OWASP CSF Guard (a separate OWASP project) or ESAPI?
And, if ESAPI, what version?

Thanks,
-kevin
-- 
Blog: http://off-the-wall-security.blogspot.com/
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents."        -- Nathaniel Borenstein


More information about the Esapi-user mailing list