A few weeks ago, I started receiving tweets and emails from people who claimed that search results for my site were looking more like a pharmacy than a helpful Web resource. Of course, upon hearing such blasphemy, I immediately opened a new browser tab, looked around to make sure no one was watching, and then started Googling myself…and if you think that is some NC-17 material, wait til you see what my search results looked like: Figure 1.
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf [1]) or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. [2] Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.

History

CSRF vulnerabilities have been known and in some cases exploited since 2001. [3] Because it is carried out from the user's IP address, some website logs might not have evidence of CSRF. [2] Exploits are under-reported, at least publicly, and as of 2007 [4] there are few well-documented examples. About 18 million users of eBay's Internet Auction Co. at Auction.co.kr in Korea lost personal information in February 2008. [5] Customers of a bank in Mexico were attacked in early 2008 with an image tag in email.