On Sat, 12 May 2007, Josh Zlatin-Amishav wrote:

> On Fri, 11 May 2007, Tim Newsham wrote:
>
> > This might just be semantics: I wouldn't consider the XSS attack to be a
> > CSRF attack.
>
> The point is, if the application is vulnerable to an XSS vulnerability
> then having a CSRF token won't protect you from a CSRF attack. The
> attacker could use the XSS vector to steal the CSRF token, much like the
> Samy worm worked.

Let's have an HTTP server with a buffer overflow vulnerability making it
possible to run arbitrary code. We can use the vulnerability to read files
outside the document root (perhaps using relative pathnames like
"../../../file") but I don't think this means we should call such an attack
"a path traversal".

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."