Hacker News new | ask | show | jobs
by z-factor 4693 days ago
I understand how the attack works, the question was about how a practical exploit would actually be carried out. I've figured out how one would issue GET requests from the right environment, but I don't know if the same is possible for POST.
2 comments
wglb 4693 days ago
It is just as possible. POST csrf exploits add between two and three minutes to an attacker to craft the request differently.
link
tptacek 4693 days ago
Just in case you weren't clear on this already: CSRF works just fine against POST endpoints. Think Javascript.
link