Jacob Kaplan-Moss

2 items tagged "csrf"

📌 Into the symmetry: CSRF in Facebook/Dropbox - "Mallory added a file using Dropbox"

A variation of a classic OAuth vulnerability. These sorts of things are depressingly common, and this is why people sometimes talk about OAuth itself as being insecure.
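The linked write-up is not reproduced here, so as an added illustration (not code from the post, from Dropbox, or from Facebook) the following sketches the attack shape the title describes and the standard defence I am assuming is the relevant one: an OAuth client that links whatever authorization code arrives at its callback to the currently logged-in user, beside one that binds the flow to the browser session with a `state` value. The provider, endpoints, client id and account names are all constructed stand-ins; the "provider" and token exchange are faked in-process so the script runs offline.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical endpoints and client id, constructed for this example.
AUTHORIZE_URL = "https://provider.example/oauth/authorize"
REDIRECT_URI = "https://client.example/oauth/callback"
CLIENT_ID = "example-client"

# Stand-in for the provider's code store: code -> account that authorized it.
_ISSUED_CODES = {}


def provider_redirect(authorize_url, account):
    """Fake provider: `account` approves the request and the provider redirects back
    to the client with a fresh code, echoing `state` unchanged if the client sent one."""
    params = parse_qs(urlparse(authorize_url).query)
    code = f"code-{secrets.token_hex(4)}"
    _ISSUED_CODES[code] = account
    callback_params = {"code": code}
    if "state" in params:
        callback_params["state"] = params["state"][0]
    return REDIRECT_URI + "?" + urlencode(callback_params)


def exchange_code(code):
    """Fake token exchange: redeem a one-time code for the account that authorized it."""
    return _ISSUED_CODES.pop(code)


# --- Vulnerable client: no state parameter ---------------------------------

def start_login_vulnerable(session):
    return AUTHORIZE_URL + "?" + urlencode(
        {"client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI, "response_type": "code"})


def callback_vulnerable(session, url):
    code = parse_qs(urlparse(url).query)["code"][0]
    # Whatever code arrives is linked to whoever is logged in at the client.
    session["linked_account"] = exchange_code(code)
    return session["linked_account"]


# --- Hardened client: state bound to the browser session --------------------

def start_login(session):
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state            # stored server-side for this browser only
    return AUTHORIZE_URL + "?" + urlencode(
        {"client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
         "response_type": "code", "state": state})


def callback(session, url):
    params = parse_qs(urlparse(url).query)
    expected = session.pop("oauth_state", None)   # single use: pop, never re-check
    received = params.get("state", [None])[0]
    if expected is None or received is None or not hmac.compare_digest(
            expected.encode(), received.encode()):
        raise PermissionError("OAuth state missing or mismatched: possible CSRF")
    session["linked_account"] = exchange_code(params["code"][0])
    return session["linked_account"]


# --- Attack simulation ------------------------------------------------------

def simulate_attack(start, finish):
    """Mallory runs her own login, stops before the callback fires, and gets a victim
    who is logged in to the client to load the callback URL carrying *her* code."""
    mallory = {"user": "mallory"}
    poisoned_url = provider_redirect(start(mallory), "mallory@provider.example")
    victim = {"user": "victim"}                   # victim never started an OAuth flow
    try:
        return ("linked", finish(victim, poisoned_url))
    except PermissionError as exc:
        return ("rejected", str(exc))


def simulate_legitimate():
    """The hardened handlers still work for a user who started the flow themselves."""
    victim = {"user": "victim"}
    return callback(victim, provider_redirect(start_login(victim), "victim@provider.example"))


if __name__ == "__main__":
    print(simulate_attack(start_login_vulnerable, callback_vulnerable))  # ('linked', 'mallory@provider.example')
    print(simulate_attack(start_login, callback))  # ('rejected', 'OAuth state missing or mismatched: possible CSRF')
    print(simulate_legitimate())                   # victim@provider.example
```

In the vulnerable pair the victim's account ends up linked to Mallory's provider account, which is exactly the position from which "Mallory added a file" to the victim's storage. The hardened callback refuses because the victim's session never issued the `state` that the poisoned URL carries; a victim who had started their own flow would hold a different value and fail the constant-time comparison the same way.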

📌 CSRF: Flash + 307 redirect = Game Over

The exploit we just released fixes for. Turns out it's a bug in Flash. I'm shocked, shocked.