Video: Bypassing phpNuke 8.x Referer Check Anti-CSRF Defense

[View Online | Download]

Description: This demo proves that simply validating hostname in HTTP Referer, a widely deployed quick anti-csrf defense, can easily be bypassed.

Popular posts from this blog

OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities (CVE-2012-0872)

Open-Realty CMS 3.x | Persistent Cross Site Scripting (XSS) Vulnerability

Elgg 1.7.9 <= | Multiple Cross Site Scripting Vulnerabilities