Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

Fun With CSRF


ghost's Avatar
0 0

just watched it. nice work;) hope you do another one because that one was quite good


ghost's Avatar
0 0

Very nice XSS/CSRF!

Wouldn't it have been possible to create an XSS worm by making whoever viewed your profile post the same on their profile as well?


ghost's Avatar
0 0

that's not possible?, the server has to use $_REQUEST for that to work, images are sent in $_GET aren't they? so you can't do a $_POST with images without the server using REQUEST…

quote me if im wrong :S


ghost's Avatar
0 0

HackingForce wrote: that's not possible?, the server has to use $_REQUEST for that to work, images are sent in $_GET aren't they? so you can't do a $_POST with images without the server using REQUEST…

quote me if im wrong :S you're wrong. you CAN do it with post


ghost's Avatar
0 0

just watched it. very cool. taught me things. excellent work.


ghost's Avatar
0 0

Hey dude can you reup the vid?


yours31f's Avatar
Retired
10 0

Wow, good job necro-ing a thread thats been dead for a year and a half. Last Post ( 09-06-07 ) . Next time check before you post.


spyware's Avatar
Banned
0 0

st3f0 wrote: Hey dude can you reup the vid?

Contact nights_shadow and ask him for funwithcsrf.avi. He'll sort you out.