Outer Web | Explore

Explore >> Select a destination

You are here		homakov.blogspot.com Egor Homakov: Hacking Github with Webkit
\|	\|	www.evil.blog Facebook's Oculus - Cross-Site Content Hijacking (XSCH) to Bypass SOP - Paulos Yibelo - Hacking Research	4.9 parsecs away Travel
\|	\|	[AI summary] A security researcher details a cross-site content hijacking vulnerability that allowed malicious Flash files to bypass Facebook's SOP by exploiting permissive crossdomain.xml settings on Oculus, leading to a quick patch.	4.9 parsecs away Travel
\|	\|	smagin.fyi Cross-Site Requests \| SMAGIN	4.8 parsecs away Travel
\|	\|	Why do we have both CSRF protection and CORS?	4.8 parsecs away Travel
\|	\|	introvertmac.wordpress.com Understanding CSRF attacks \| what I'm breaking...	4.6 parsecs away Travel
\|	\|	What is CSRF ? "Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts." - Wikipedia CSRF is at 8th position in OWASP...	4.6 parsecs away Travel
\|	\|	www.arneswinnen.net Authentication bypass on Airbnb via OAuth tokens theft - Arne Swinnen	22.4 parsecs away Travel
\|		[AI summary] A security researcher details how Airbnb was vulnerable to an authentication bypass attack that combined login CSRF with an open redirect flaw to steal OAuth tokens via Facebook and Google, earning a $5,000 bounty after the issues were fixed in 2016.	22.4 parsecs away Travel