
I understand how the attack works, the question was about how a practical exploit would actually be carried out. I've figured out how one would issue GET requests from the right environment, but I don't know if the same is possible for POST.


It is just as possible. POST CSRF exploits add between two and three minutes for an attacker to craft the request differently.


Just in case you weren't clear on this already: CSRF works just fine against POST endpoints. Think JavaScript.
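Since the replies above agree that moving an action from GET to POST is no defense, the check has to live on the server. The sketch below is an added example, not code from anyone in this thread: `checkCsrf`, the `x-csrf-token` header name, `ALLOWED_ORIGIN` and the sample requests are all hypothetical and constructed for illustration.

```javascript
// Added example: CSRF check for state-changing requests (hypothetical names).
const ALLOWED_ORIGIN = "https://app.example"; // constructed value
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Compare without an early exit so timing does not reveal matching prefixes.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  const n = Math.max(a.length, b.length);
  for (let i = 0; i < n; i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// req: { method, headers } with lower-cased header names.
// sessionToken: the per-session CSRF token stored server-side.
function checkCsrf(req, sessionToken) {
  if (SAFE_METHODS.has(req.method.toUpperCase())) {
    return { allow: true, reason: "safe method" };
  }
  const h = req.headers;
  // Sec-Fetch-Site is set by the browser; page script cannot override it.
  if (h["sec-fetch-site"] && h["sec-fetch-site"] !== "same-origin") {
    return { allow: false, reason: "cross-site fetch metadata" };
  }
  // Modern browsers send Origin on POST, including plain form submissions.
  if (h["origin"] && h["origin"] !== ALLOWED_ORIGIN) {
    return { allow: false, reason: "origin mismatch" };
  }
  // The session cookie alone proves nothing: the browser may attach it itself.
  const token = h["x-csrf-token"] || "";
  if (!sessionToken || !constantTimeEqual(token, sessionToken)) {
    return { allow: false, reason: "missing or wrong token" };
  }
  return { allow: true, reason: "token verified" };
}

// Constructed sample requests.
const SAMPLES = {
  crossSitePost: { method: "POST", headers: { cookie: "sid=abc", origin: "https://other.example", "sec-fetch-site": "cross-site" } },
  oldBrowserPost: { method: "POST", headers: { cookie: "sid=abc" } },
  sameOriginPost: { method: "POST", headers: { cookie: "sid=abc", origin: ALLOWED_ORIGIN, "sec-fetch-site": "same-origin", "x-csrf-token": "t0k3n-constructed" } },
  read: { method: "GET", headers: {} },
};
for (const [name, req] of Object.entries(SAMPLES)) {
  console.log(name, checkCsrf(req, "t0k3n-constructed"));
}
```

The second sample is the case worth noting: a client that sends neither `Origin` nor `Sec-Fetch-Site` is still rejected, because the token check does not depend on those headers being present.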



