Dealing with HTML submits conflicts Mar 9, 2014 This first post is related with one of my project : CSRFT. CSRFT is a Cross Site Request Forgery (CSRF) vulnerabilities Toolkit. My toolkit allows you to exploit either GET and POST HTTP Requests. During some testings, I had issues with some specific forms. Let's take an example of such form : <form action="http://website.com/blog/" id="form" method="get"> <label class="assistive-text" for="s">Search</label> <input class="field" id="s" name="s" placeholder="Search" type="text" value="Search Value"/> <input class="submit" id="searchsubmit" name="submit" type="submit" value="Search"/> </form> The code injected on the page to submit the form was like that : ...
Starting my own blog Mar 4, 2014 Starting my own blog has been something I really wanted to do. I'll add post related to my different projects but also on Web security. Here are my different motivations : 1. Provide a portfolio of my different projects. 2. Explain some problems I had and provide the solution 3. Talk about some geek stuffs. Let's see :) Hope you'll have fun to read me. Cheers and see you soon.