Friday, July 20th, 2007
It’s a simple tool that makes it easy to test CSRF using POST, hopefully demonstrating how prevalent CSRF vulnerabilities are as well as reducing the misconception that forging a POST request is complicated.
To use it, construct a URL of the form http://shiflett.org/csrf.php?csrf=
URL is the (URL-encoded) target site, and
VALUE represent a name-value pair, of which there can be zero or more.
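The point about POST, seen from the server side, as an added example that is not from the original post or the tool it describes: a handler that trusts "POST plus a valid session cookie" accepts a cross-site form submission, while one that requires a session-bound token rejects it. The `sid` cookie, the `csrf_token` field, the function names and the sample requests are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed for the demo)

def issue_token(session_id: str) -> str:
    """Token bound to the session; the site embeds it in forms it renders itself."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def naive_check(request: dict, sessions: set) -> bool:
    """The misconception: a POST carrying a valid session must be intentional."""
    return request["method"] == "POST" and request["cookies"].get("sid") in sessions

def token_check(request: dict, sessions: set) -> bool:
    """Also require a value the browser never attaches on its own."""
    sid = request["cookies"].get("sid")
    if request["method"] != "POST" or sid not in sessions:
        return False
    supplied = request["form"].get("csrf_token", "")
    # Constant-time comparison on bytes, so malformed input cannot raise or leak timing.
    return hmac.compare_digest(supplied.encode(), issue_token(sid).encode())

def sample_requests(sid: str) -> dict:
    """Constructed requests: one from the site's own form, two from another origin."""
    cookies = {"sid": sid}  # the browser sends this cookie on every request to the site
    return {
        "genuine": {"method": "POST", "cookies": cookies,
                    "form": {"email": "me@example.org", "csrf_token": issue_token(sid)}},
        "cross_site": {"method": "POST", "cookies": cookies,
                       "form": {"email": "other@example.org"}},
        "guessed_token": {"method": "POST", "cookies": cookies,
                          "form": {"email": "other@example.org", "csrf_token": "0" * 64}},
    }

if __name__ == "__main__":
    sid = secrets.token_hex(16)
    sessions = {sid}
    for name, req in sample_requests(sid).items():
        print(f"{name:14} naive={naive_check(req, sessions)} "
              f"token={token_check(req, sessions)}")
```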
Google’s online security team recently posted about Automating web application security testing, which discusses various XSS issues.
Posted by Dion Almaer at 5:46 am