Cross-reference to a site with an external site in different domains
3 answers
There is a type of vulnerability called Cross Site Request Forgeries or XSRF. XSRF has nothing to do with the datatype, but rather that the request is coming from another server. http://www.owasp.org/index.php/XSRF
Here is the XSRF exploit POST request I wrote: http://www.exploit-db.com/exploits/7922/ This JavaScript is used to automatically disable the form when the page is viewed:
<script>document.getElementById(1).submit();</script>
0
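A server-side check that rejects the kind of auto-submitted cross-site POST described in the answer above, shown as an added example that is not part of the original answers. The origin `https://app.example.com`, the `csrf_token` field name and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)           # per-deployment secret (constructed here)
ALLOWED_ORIGINS = {"https://app.example.com"}  # hypothetical origin of the protected site
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}      # methods that must not change state


def _mac(session_id, nonce):
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id):
    """Token bound to one session; the site embeds it in a hidden form field."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def token_ok(session_id, token):
    """True only if the token was issued by this server for this session."""
    nonce, _, sig = (token or "").partition(".")
    # Compare as bytes so non-ASCII input cannot raise inside compare_digest.
    return bool(nonce) and hmac.compare_digest(
        sig.encode(), _mac(session_id, nonce).encode())


def source_origin(headers):
    """Origin header if present, otherwise scheme://host taken from Referer."""
    origin = headers.get("Origin")
    if origin:
        return origin
    ref = urlsplit(headers.get("Referer", ""))
    return f"{ref.scheme}://{ref.netloc}" if ref.scheme and ref.netloc else None


def allow_request(method, headers, session_id, form):
    """Reject state-changing requests sent from another origin or without the token."""
    if method.upper() in SAFE_METHODS:
        return True
    # Strict policy: a missing or "null" origin is treated as cross-site.
    if source_origin(headers) not in ALLOWED_ORIGINS:
        return False
    # A form hosted on another site cannot read the victim's token.
    return token_ok(session_id, form.get("csrf_token", ""))
```
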
You probably want to know more about the same-origin policy; this is the best post I have found: http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy
0