[Cppcms-users] empty action in POST a potential vulnerability ?
Brought to you by:
artyom-beilis
Menu
▾
▴
[Cppcms-users] empty action in POST a potential vulnerability ?
|
From: Marius C. <mf...@gm...> - 2014-08-24 22:13:27
|
I was just reading on a blog post that an empty action in post could in theory trigger a bypassing of CSRF. Details here: http://blog.andlabs.org/2010/03/bypassing-csrf-protections-with.html Is this true for cppcms ? I've noticed that the wiki code does indeed use empty actions in post forms. It would also seem that html5 doesn't allow this anymore and that a non empty action must be specified. Thanks. |
