Friends Don’t Let Friends Mix XSS and CSRF
By Craig Young on Sun, 02/16/2014
In preparation for my upcoming talk at BSides SF about finding vulnerabilities, I would like to share some insights today regarding two common types of vulnerabilities that leverage the web browser in two unique ways.
The goals of these vulnerabilities are quite different, however. One is used to run untrusted code while the other is used to hijack authentication. The combined effect of these issues...