|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Full-disclosure] CSRF with MS Word
From: David Kierznowski (david.kierznowski
gmail.com)
Date: Fri Nov 24 2006 - 13:12:32 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
CSRF with MS Word
Our attack vector is found in exploiting MSWord's frame capabilities:
By creating malicious frames in a document and pointing them to a
malicious URL, we can exploit multiple, persistent (well almost, this
is limited) CSRF vulnerabilities (and possibly the browser).
See:
http://michaeldaw.org/md-hacks/csrf-with-msword/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]