

CSRF on moneybookers, yfrog and few other sites - homakov
http://homakov.blogspot.com/2012/03/hacking-skrillformer-moneybookers.html?sup
Well, let's teach developers.
======
nbpoole
Previous relevant discussions on HN:

- <http://news.ycombinator.com/item?id=3791281>
- <http://news.ycombinator.com/item?id=3789673>
- <http://news.ycombinator.com/item?id=3778158>

------
specialist
Egor, I very much appreciate your efforts. That's a lot of examples, a whole
lot of work.

I'm a complete noob about browser security stuff. So I had to look up "CSRF".
Maybe spell out acronyms or link to their definitions.

Cross-site request forgery

<http://en.wikipedia.org/wiki/Cross-site_request_forgery>

<https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)>

Since I'm working on some public facing websites, and need to learn this
stuff, your work is definitely helpful. Thank you.

------
xSwag
There are CSRF vulns everywhere. In fact, it was a CSRF that got me into the
Google Hall of Fame!

