Simon Willison’s Weblog

Items tagged csrf in Mar, 2007

Filters: Year: 2007 × Month: Mar × csrf ×


Chris Shiflett: My Amazon Anniversary. Chris Shiflett discloses an unfixed CSRF vulnerability in Amazon’s 1-Click feature that lets an attacker add items to your shopping basket—after reporting the vulnerability to Amazon a year ago! # 16th March 2007, 10:16 am

JSON is not as safe as people think it is. Joe Walker reminds us that even authenticated JSON served without a callback or variable assignment is vulnerable to CSRF in Firefox, thanks to that browser letting you redefine the Array constructor. # 5th March 2007, 10:51 pm

Types

Years

Months

Tags