Tim’s Weblog Tim's Weblog
Tim Strehle’s links and thoughts on Web apps, managing software development and Digital Asset Management, since 2002.
2007-10-11

Yahoo! Susceptible to Cross Site Request Forgery (XSRF) Attacks

Nitesh Dhanjani - Yahoo! Susceptible to Cross Site Request Forgery (XSRF) Attacks:

"It is possible for malicious sites to add or delete arbitrary Yahoo! calendar entries. The following HTML on a malicious site will add a Task and Event to the victim’s Yahoo! calendar."

Thu, 11 Oct 2007 13:40:11 +0000