Latest revision as of 23:49, 15 May 2012
This article contains too little information; it should be expanded or updated.
It has been proposed that XSCF be merged with XSS.
Cross-Site Content Forgery (XSCF) is a vulnerability class that entails manipulating the server-side MIME type of a particular resource to make it appear as something else.
For example, you could have an innocent-looking image file hosted somewhere. Using Apache directives such as "AddType", you can force the content type of the resource so that it is processed server-side by any application.
When the application takes control of the resource, you can wrap that resource in the functions of a program, and the program's output is returned to the client.
This vulnerability is possible because content-crawler bots make easily identifiable requests.
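
A defensive check for the configuration described above, as an added example that is not part of the original article: a Python audit that flags Apache AddType or AddHandler lines mapping image extensions to a server-side type or handler. The extension list, the marker substrings and the sample .htaccess are assumptions constructed for illustration.

```python
# Extensions a visitor expects to be static images (assumed list).
IMAGE_EXTS = {"jpg", "jpeg", "png", "gif", "bmp", "ico", "svg", "webp"}
# Apache directives that bind a media type or handler to file extensions.
DIRECTIVES = {"addtype", "addhandler"}
# Substrings marking a type or handler as executed server-side (assumed list).
EXEC_MARKERS = ("php", "cgi", "perl", "python", "server-parsed")

# Constructed sample .htaccess, not taken from any real host.
SAMPLE = """\
# constructed sample .htaccess
AddType image/png .png
AddType application/x-httpd-php .jpg .gif
AddHandler cgi-script .cgi
AddHandler cgi-script .PNG
AddType text/html .shtml
"""


def audit_htaccess(text):
    """Return (line_no, directive, target, ext) for every image extension
    that the configuration maps to a server-side type or handler."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # Apache comments start the line
            continue
        tokens = [t.strip("\"'") for t in line.split()]
        if len(tokens) < 3 or tokens[0].lower() not in DIRECTIVES:
            continue
        target = tokens[1].lower()
        if not any(marker in target for marker in EXEC_MARKERS):
            continue  # ordinary static mapping such as image/png
        for ext in tokens[2:]:
            ext = ext.lstrip(".").lower()  # extensions are case-insensitive
            if ext in IMAGE_EXTS:
                findings.append((line_no, tokens[0], target, ext))
    return findings


if __name__ == "__main__":
    for line_no, directive, target, ext in audit_htaccess(SAMPLE):
        print(f"line {line_no}: {directive} maps .{ext} to {target}")
```

The audit covers only the server configuration; it does not check whether a host returns different content to crawler and browser requests.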