View Single Post
Old 4th May 2011, 15:56
Ben Ben is offline
Join Date: Jul 2006
Posts: 1,029
Thanks: 7
Thanked 62 Times in 56 Posts

In basic if not logged on there is no possibilty to run one of the other scripts, validation is done at the beginning of every script:
Every trustfull user might be untrustfull or used by a victim when logged in A and surfing B while beeing the victim of a XSS Attack combined with CSRF to attack A...
Reply With Quote