[Owasp-delhi] Please clarify

Bipin Upadhyay muxical.geek at gmail.com
Mon Feb 2 21:45:01 EST 2009


You may find this helpful: 
http://blog.thinkphp.de/archives/150-Buy-one-XSS,-get-a-CSRF-for-free.html

Regards,
Bipin Upadhyay.

Parmendra Sharma wrote:
> Hello All,
>  
> Please clarify the below-mentioned point:
>  
> "XSS flaws is susceptible to CSRF because a CSRF attack can exploit 
> the XSS flaw to steal any non-automatically submitted credential that 
> might be in place to protect against a CSRF attack"
> Please mention the scenario where both the vulnerabilities are in 
> action....
> -- 
> Thanks and Regards:
>
> Parmendra Sharma
> Indian Computer Emergency Response Team (CERT-In)
> Ministry of Information Technology
> Government of India
> 6 C.G.O Complex
> Lodhi Road
> New Delhi
>   
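
Added example (not part of the original thread or of the linked blog post): a small Python check of why the quoted statement holds. The page template, the field name csrf_token, the /transfer action and the sample values are all constructed for illustration. It shows that a reflected value rendered without escaping becomes active content in the same page that holds the anti-CSRF token, and that escaping the value removes that exposure.

```python
import hmac
import html
from html.parser import HTMLParser

# Constructed template: a reflected "q" value on the same page as a form
# whose hidden field carries the session's anti-CSRF token.
TEMPLATE = ('<p>Results for: {q}</p><form method="post" action="/transfer">'
            '<input type="hidden" name="csrf_token" value="{token}"></form>')

def render(q, token, escape):
    """Render the page; escape=False models the XSS flaw."""
    return TEMPLATE.format(q=html.escape(q) if escape else q, token=token)

def csrf_check(session_token, submitted):
    """Server-side check: passes for ANY request that carries the token."""
    return hmac.compare_digest(session_token, submitted)

class PageAudit(HTMLParser):
    """Count active content and token fields the way a browser would parse them."""
    def __init__(self):
        super().__init__()
        self.active = 0        # <script> elements or on* event-handler attributes
        self.token_fields = 0  # hidden anti-CSRF fields present in the DOM

    def handle_starttag(self, tag, attrs):
        names = [name for name, _ in attrs]
        if tag == "script" or any(n.startswith("on") for n in names):
            self.active += 1
        if tag == "input" and ("name", "csrf_token") in attrs:
            self.token_fields += 1

def token_exposed(page):
    """True when request data became active content in a page holding the token.
    The template has no script of its own, so any active content was injected."""
    audit = PageAudit()
    audit.feed(page)
    return audit.active > 0 and audit.token_fields > 0

if __name__ == "__main__":
    token = "constructed-token-value"                      # constructed sample
    probe = "<script>/* constructed marker */</script>"    # constructed sample
    print("unescaped:", token_exposed(render(probe, token, escape=False)))
    print("escaped:  ", token_exposed(render(probe, token, escape=True)))
    print("check passes with page token:", csrf_check(token, token))
```

The server-side check only compares token values, so it cannot tell a form submitted by the user from a request built by script running in the same page. The token therefore protects only as long as the output encoding keeps request data from becoming active content.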


