Tech | March 12, 2010 | 0 comments

Using Parameter Pollution and Clickjacking to Aid Anti-CSRF Bypass

Paisano1
added this

It’s been a while since I’ve talked about Clickjacking, with only a few exceptions here and there. Mostly because I haven’t seen it much in the wild - at least not yet. But there’s still a lot of research out there to be done. I got an interesting email the other day that talked about a way to use parameter pollution (or a mix of URL parameters and POST) to create a condition where you can defeat CSRF tokens...

https://www.infosecisland.com/articleview/3256-Using-Parameter-Pollution-and-Cli...

groups:

Community, Tech, Current Tonight
tags:

Government, Financial, Hackers, National Security, Due diligence, Insider Threat, breach, Anthony M. Freed, Military, Infosec Island Network, Healthcare, Privacy, malware, Sarbanes-Oxley, Cloud Computing, Internet Security Alliance, identity-theft, Uncategorized, Webcast, D&O Liability, FEATURE ARTICLE, Virtualization, The Jester, Trefis 20 more
|

0 comments // Using Parameter Pollution and Clickjacking to Aid Anti-CSRF Bypass

display: newest | oldest | popular

upload file

webcam

embed code

image url
- Paste the url of an image:
  process
  
  Paste an embed code:
  
  process
- Upload an image file:
  
  1MB file size limit
  - Online Display Ad:
    300x250 pixels
  - Flash Video Overlay Ad:
    300x50 pixels
  Upload an image to represent your video:
  
  We will automatically pick out an image to represent video files. If you want to choose your own image, upload it here.
- Record a webcam:
[x]

we might already have a story about this:
Choose media for your post:
checking post...
+ add

blog/

text/

link/

image

/webcam

+ add

embed code/

image url

checking post...

| cancel
I want to upload this to Current.com, and I own the rights to this file.
- Help us classify your file. What kind of upload is it?
- Pod (short non-fiction video, usually 1-7 minutes long, that tells a story or profiles a character)
- Other Awesome Stuff (anything else)
| cancel

select your country

Community Spotlight

Join a Community Group

BFD - Big Featured Discussion

Viewer Created Content

Using Parameter Pollution and Clickjacking to Aid Anti-CSRF Bypass

0 comments // Using Parameter Pollution and Clickjacking to Aid Anti-CSRF Bypass

we might already have a story about this:

top videos

Countdown

Oklahoma ‘outrage’: State Sen. Constance Johnson fights personhood bill with satiric amendment

The Young Turks

Videos posted by Syrians under siege show desperate need for U.S. intervention

The War Room

Fired Up! What would Jesus do about birth control debate?

Countdown

Contraceptive compromise: Markos Moulitsas considers Obama’s strategy to counter the culture warriors

find current on tv

find current online

recent comments

© 2012 Current TV, LLC
All Rights Reserved

the basics

follow us online

tools

stay in touch

select your country

Community Spotlight

Using Parameter Pollution and Clickjacking to Aid Anti-CSRF Bypass

0 comments // Using Parameter Pollution and Clickjacking to Aid Anti-CSRF Bypass

we might already have a story about this:

top videos

find current on tv

find current online

recent comments

© 2012 Current TV, LLC All Rights Reserved

the basics

follow us online

tools

stay in touch

© 2012 Current TV, LLC
All Rights Reserved