[wp-hackers] Any other way to do it? (or, do we really need Nonces?)
elharo at metalab.unc.edu
Sat Mar 3 14:55:05 GMT 2007
Martin Fitzpatrick wrote:
> Automatic POSTing can be done automagically on any webpage using
> browser (may) submit your cookies for it along with the data. A form
> to do that can be hidden / in a frame. You could even be presented
> with a "Submit" button that looks as though it's part of another form.
> Everyone can be tricked.
I don't believe this. I've found specific claims to the contrary.
I don't disbelieve it either. Often such claims miss things.
that submits a POST to a 3rd party site with authentication cookies intact.
Elliotte Rusty Harold elharo at metalab.unc.edu
Java I/O 2nd Edition Just Published!
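
Added example, not part of the original message and not WordPress's own code: a server-side nonce check for the scenario this thread debates, a state-changing POST that arrives with a valid session cookie but was not produced by the site's own form. The secret, session table, field name `_nonce`, 12-hour tick and function names are all assumptions made for this sketch.

```python
import hashlib
import hmac

# Assumptions for this sketch: a per-site secret, a 12-hour validity tick,
# and an in-memory session table. All values are constructed.
SECRET_KEY = b"constructed-demo-secret"
TICK_SECONDS = 12 * 60 * 60
SESSIONS = {"sess-abc123": "admin"}


def _mac(session_id, action, tick):
    # Bind the token to the time window, the action and the session.
    msg = f"{tick}|{action}|{session_id}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def make_nonce(session_id, action, now):
    """Token embedded as a hidden field in the site's own form."""
    return _mac(session_id, action, int(now // TICK_SECONDS))


def verify_nonce(nonce, session_id, action, now):
    """Accept a nonce from the current or previous tick (constant-time compare)."""
    if not isinstance(nonce, str):
        return False
    tick = int(now // TICK_SECONDS)
    return any(
        hmac.compare_digest(nonce.encode(), _mac(session_id, action, t).encode())
        for t in (tick, tick - 1)
    )


def handle_post(cookies, form, action, now):
    """Return an HTTP status for a state-changing POST."""
    session_id = cookies.get("session")
    if session_id not in SESSIONS:
        return 401  # no valid session cookie
    if not verify_nonce(form.get("_nonce"), session_id, action, now):
        return 403  # cookie present, but the request did not come from our form
    return 200


if __name__ == "__main__":
    now = 1_000_000.0  # constructed timestamp
    cookies = {"session": "sess-abc123"}
    good = {"title": "hi", "_nonce": make_nonce("sess-abc123", "delete-post", now)}
    print(handle_post(cookies, good, "delete-post", now))             # own form
    print(handle_post(cookies, {"title": "hi"}, "delete-post", now))  # no nonce
```

The cookie alone identifies the browser; the nonce is what ties the request to a form the site itself rendered for that session and action.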