cwong-scw
commented
3 years ago xss
Closed cwong-scw closed 3 years ago
cwong-scw
commented
3 years ago xss
cwong-scw
commented
3 years ago csrf
temp-scw-app[bot]
commented
3 years ago Session-related but not session-based, this attack is based on the ability of an attacker to force an action on a user’s browser (commonly in the form of a POST request) to perform an unauthorized action on behalf of the user. This can often occur without the user even noticing it… or only noticing when it is too late. The root cause is that browsers automatically send session cookies with all requests to a given domain, regardless of where the source of the request came from, and the application server cannot differentiate between a request that came from pages it served or a request that came from an unrelated page.
cwong-scw
commented
3 years ago ssrf
cwong-scw
commented
3 years ago csrf ssrf
temp-scw-app[bot]
commented
3 years ago Session-related but not session-based, this attack is based on the ability of an attacker to force an action on a user’s browser (commonly in the form of a POST request) to perform an unauthorized action on behalf of the user. This can often occur without the user even noticing it… or only noticing when it is too late. The root cause is that browsers automatically send session cookies with all requests to a given domain, regardless of where the source of the request came from, and the application server cannot differentiate between a request that came from pages it served or a request that came from an unrelated page.
sqli