Aaron Saray


Another example of CSRF – in CSS

Just saw this really cool example get submitted on one of my websites testing for CSRF:

#logo{background:url(deletepost.process.php?id=12345&userID=12345);

Just another great example of why you should 1) not use GET for irreversible changes and 2) filter, filter, filter! (I edited that posting; it was filtered by my script already…)
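One way to apply the first point to an endpoint like the one targeted above, as an added example (not code from the original post or from the site it describes). The function name `handle_delete`, the session keys and the `POST_OWNERS` lookup are assumptions made for illustration:

```php
<?php
declare(strict_types=1);
// Added example; function name, session keys and POST_OWNERS are assumptions.

/** Constructed stand-in for a database lookup: post id => owner user id. */
const POST_OWNERS = [12345 => 12345, 777 => 42];

/** Returns [HTTP status, message]; the caller deletes only on 200. */
function handle_delete(string $method, array $post, array $session): array
{
    // 1) No state change on GET: a CSS url() or an <img src> can only
    //    trigger GET requests, so they never reach the delete logic.
    if ($method !== 'POST') {
        return [405, 'Method Not Allowed'];
    }
    // 2) Require a per-session token that a third-party page cannot read.
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    if (!is_string($sent) || !is_string($expected) || $expected === ''
        || !hash_equals($expected, $sent)) {
        return [403, 'Invalid CSRF token'];
    }
    // 3) Identity comes from the session, never from a userID parameter.
    $userId = $session['user_id'] ?? null;
    $postId = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    if ($userId === null || $postId === false) {
        return [400, 'Bad Request'];
    }
    if ((POST_OWNERS[$postId] ?? null) !== $userId) {
        return [403, 'Not your post'];
    }
    return [200, "Post $postId deleted"];
}

// Constructed requests: the CSS-triggered GET, a forged POST, a real form POST.
$session = ['user_id' => 12345, 'csrf_token' => bin2hex(random_bytes(32))];
$cases = [
    'CSS background GET'    => ['GET', []],
    'forged POST, no token' => ['POST', ['id' => '12345']],
    'legitimate form POST'  => ['POST', ['id' => '12345', 'csrf_token' => $session['csrf_token']]],
];
foreach ($cases as $label => [$method, $post]) {
    [$status, $msg] = handle_delete($method, $post, $session);
    echo "$label => $status $msg\n";
}
```

Run from the command line, the script prints one status line per constructed request; only the POST carrying the session's token is allowed through.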
