E: 31/01 Win A Gillette Goody Bag

Lakshmi7
Posts: 339,963 Forumite



It is a scientific fact that your body will not absorb calories if you take it from another person's plate.
:A :A :A
Chocolate is the answer and I don't give a damn what
the question is.;)
0
Comments
-
According to this on the 13/12/2011 he scored 1179, not sure if this is correct tho?
As i know nothing about rugby, sorry
http://www.dailymail.co.uk/news/article-2073271/Jonny-Wilkinson-announces-retirement-international-rugby.html
i agree with Goblin36
plus its one of the answers! x
16 Goals for 2016
laptop, clothes vouchers, supermarket vouchers, car, uk holiday, cat food/things, [STRIKE]ipad[/STRIKE], spa break, [STRIKE]holiday abroad[/STRIKE], sky win, cash over £1000, fit bit, gym membership, handbag, [STRIKE]tv[/STRIKE], hair things
:A0 -
- csrf token: CSRF attack detected.
January 2012 Debenhams Goodie Bag and Conor Maynard Tickets (= happy teenage daughter!).
Thanks to all who post, and GL to all who try!!0 -
worriedmum46 wrote: »
- csrf token: CSRF attack detected.
Thanks to all who post compsITV winners membersclub#20 -
According to this on the 13/12/2011 he scored 1179, not sure if this is correct tho?
As i know nothing about rugby, sorry
http://www.dailymail.co.uk/news/article-2073271/Jonny-Wilkinson-announces-retirement-international-rugby.html
1179
Same answer on wikipedia :D
Wins:
Mar 23 - Ridge Wallet
Mar 23 - Blackpool family trip
Dec - Klean Kanteen water bottle
Nov - TWS1 Edifier headphones0 -
Works fine on chrome0
-
csrf token: CSRF attack detected in IE but fine in FF0
-
csrf token: CSRF attack detected in IE and FF.0
-
Cross-site request forgery CSRF
http://en.wikipedia.org/wiki/Cross-site_request_forgery
I'm getting the same message with IE9
I've now tried Safari, and it went through ok0 -
Cross-site request forgery
From Wikipedia, the free encyclopedia
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf[1]) or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.[2] Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.
CSRF vulnerabilities have been known and in some cases exploited since 2001.[3] Because it is carried out from the user's IP address, some website logs might not have evidence of CSRF.[2] Exploits are under-reported, at least publicly, and as of 2007[4] there are few well-documented examples. About 18 million users of eBay's Internet Auction Co. at Auction.co.kr in Korea lost personal information in February 2008 [citation needed]. Customers of a bank in Mexico were attacked in early 2008 with an image tag in email. The link in the image tag changed the DNS entry for the bank in their ADSL router to point to a malicious website, impersonating the bank.[5]
Example and characteristics
A National Vulnerability Database page describing a CSRF hole
The attack works by including a link or script in a page that accesses a site to which the user is known (or is supposed) to have been authenticated.[1] For example, one user, Bob, might be browsing a chat forum where another user, Fred, has posted a message. Suppose that Fred has crafted an HTML image element that references an action on Bob's bank's website (rather than an image file), e.g.,
<img src="http://bank.example.com/withdraw?account=bob&amount=1000000&for=Fred">
If Bob's bank keeps his authentication information in a cookie, and if the cookie hasn't expired, then the attempt by Bob's browser to load the image will submit the withdrawal form with his cookie, thus authorizing a transaction without Bob's approval.
A cross-site request forgery is a confused deputy attack against a Web browser. The deputy in the bank example is Bob's Web browser which is confused into misusing Bob's authority at Fred's direction.
The following characteristics are common to CSRF:
- Involve sites that rely on a user's identity
- Exploit the site's trust in that identity
- Trick the user's browser into sending HTTP requests to a target site
- Involve HTTP requests that have side effects
CSRF attacks using image tags are often made from Internet forums, where users are allowed to post images but not JavaScript.
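An added example, not part of the thread or of the quoted Wikipedia text: a cookie-only handler that accepts the request shape of the `<img>` example above, next to a hardened handler that requires POST and a per-session token. The session store, function names and response strings are hypothetical; a request that arrives without the matching token is rejected whoever sent it.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> per-session CSRF token.
SESSIONS = {}

def login():
    """Create a session and its CSRF token (hypothetical helper)."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = secrets.token_urlsafe(32)
    return sid

def form_token(sid):
    """Token the site embeds in a hidden field of its own form."""
    return SESSIONS[sid]

def withdraw_vulnerable(method, cookies, params):
    """'Before': the session cookie alone authorises a GET with side effects."""
    if cookies.get("sid") in SESSIONS:
        return "200 withdrawn"
    return "403 not logged in"

def withdraw_hardened(method, cookies, params):
    """'After': a state change needs POST plus the token tied to this session."""
    sid = cookies.get("sid")
    if sid not in SESSIONS:
        return "403 not logged in"
    if method != "POST":
        return "405 method not allowed"
    sent = params.get("csrf_token", "")
    # Constant-time comparison against the token stored for this session.
    if not hmac.compare_digest(sent.encode(), SESSIONS[sid].encode()):
        return "403 CSRF attack detected"
    return "200 withdrawn"

def demo():
    sid = login()
    cookies = {"sid": sid}  # the browser attaches this cookie automatically
    # Request shape from the page's <img> example: GET, cookie, no token.
    forged = ("GET", cookies, {"account": "bob", "amount": "1000000", "for": "Fred"})
    # Request from the site's own form: POST carrying the hidden token.
    genuine = ("POST", cookies, {"account": "bob", "amount": "10",
                                 "csrf_token": form_token(sid)})
    return {
        "vulnerable_forged": withdraw_vulnerable(*forged),
        "hardened_forged": withdraw_hardened(*forged),
        "hardened_forged_post": withdraw_hardened("POST", cookies, forged[2]),
        "hardened_genuine": withdraw_hardened(*genuine),
    }
```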
This discussion has been closed.