View Single Post
  #8  
Old 4th May 2011, 14:56
Ben Ben is offline
Moderator
 
Join Date: Jul 2006
Posts: 1,029
Thanks: 7
Thanked 62 Times in 56 Posts
Default

Quote:
In basic if not logged on there is no possibilty to run one of the other scripts, validation is done at the beginning of every script:
Every trustfull user might be untrustfull or used by a victim when logged in A and surfing B while beeing the victim of a XSS Attack combined with CSRF to attack A...
Reply With Quote