AliceTheHive/advanced-csrf

Advanced CSRF / Have fun and profit / Time-based Blind SQL Injection through CSRF attacks

ACSRF: Advanced Cross Site Request Forgery

by Manfred Touron

Docs & links

• White paper (french)
• SSTIC 08' rump session beamer : http://actes.sstic.org/SSTIC08/Rump_sessions/SSTIC08-Rump-Guasconi-Touron_AdvancedCSRF_slides.pdf (french)
• first documentation (old & french)
• SLA.CKERS forum thread about ACSRF : http://sla.ckers.org/forum/read.php?13,23273 (english)

Demos

• via GMail
• via ThunderBird

© 2008 Manfred Touron - BSD License.