Friday, July 20th, 2007p>Joe Walker will probably be happy to see this, and will be able to test DWR with it. Chris Shiflet has created a simple CSRF Redirector inspired by the XSS POST Forwarder:
It’s a simple tool that makes it easy to test CSRF using POST, hopefully demonstrating how prevalent CSRF vulnerabilities are as well as reducing the misconception that forging a POST request is complicated.
To use it, construct a URL of the form http://shiflett.org/csrf.php?csrf=
URLis the (URL-encoded) target site, and
VALUErepresent a name-value pair, of which there can be zero or more.
Google’s online security team recently posted about Automating web application security testing which discusses various XSS issues.
Posted by Dion Almaer at 5:46 am