@avlidienbrunn @homakov @manicode
There are way too many ways to leak CSRF.
@avlidienbrunn @homakov @manicode And there were attacks like SVG-filter attacks, which could be used to read CSRF Tokens Cross Origin
@insertScript @avlidienbrunn @homakov @manicode how many people use XSRF bypasses in real life? plausible scenarios but quickly patched
@insertScript @avlidienbrunn @homakov @manicode s/XSRF/anti-XSRF/ ;-)
@antisnatchor @avlidienbrunn @homakov @manicode yeah that's true, just wanted to mention that it is not impossible
@insertScript @antisnatchor @avlidienbrunn @homakov @manicode When CSP is too strong and XSS is no hope, CSRF left http://blog.innerht.ml/csp-2015/#casestudytwitterscsrftokenexfiltration