
Re: Multiple XSRF in DD-WRT (Remote Root Command Execution)



On Thu, Dec 11, 2008 at 02:14:58PM +0100, Sebastian Gottschall (DD-WRT)  wrote:
> all fixed images (for all platforms) are now provided here in our test 
> folder

"Fixed" except for people who don't send Referers or for anyone who
browses an SSL site. Lenient Referer checking is not a solution for
CSRF.
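
An added example, not part of the original message and not DD-WRT's code: it contrasts a lenient Referer check with a strict one and with a per-session token, run over constructed requests. It assumes "lenient" means a request with no Referer header is accepted; `ROUTER_HOST`, the `csrf_token` field and all function names are hypothetical.

```python
import hmac
import secrets
from urllib.parse import urlsplit

ROUTER_HOST = "192.168.1.1"  # constructed sample value


def lenient_referer_ok(headers):
    """Lenient check (assumed behaviour): a missing Referer is accepted."""
    referer = headers.get("Referer")
    if referer is None:
        # Some clients never send the header, and browsers omit it on
        # requests that originate from an HTTPS page.
        return True
    return urlsplit(referer).hostname == ROUTER_HOST


def strict_referer_ok(headers):
    """Strict check: rejects the above, but also users who send no Referer."""
    referer = headers.get("Referer")
    return referer is not None and urlsplit(referer).hostname == ROUTER_HOST


def token_ok(session_token, form):
    """Accept a state-changing request only if it echoes the session token."""
    submitted = form.get("csrf_token", "")  # hypothetical field name
    return hmac.compare_digest(session_token.encode(), submitted.encode())


# Constructed sample requests.
SESSION_TOKEN = secrets.token_hex(16)  # per-session secret placed in each form
REQUESTS = {
    "same-site form": ({"Referer": f"http://{ROUTER_HOST}/"}, {"csrf_token": SESSION_TOKEN}),
    "cross-site, Referer sent": ({"Referer": "http://other.example/"}, {}),
    "cross-site, no Referer": ({}, {}),
    "own user, no Referer": ({}, {"csrf_token": SESSION_TOKEN}),
}

if __name__ == "__main__":
    for name, (headers, form) in REQUESTS.items():
        print(f"{name:26} lenient={lenient_referer_ok(headers)!s:5} "
              f"strict={strict_referer_ok(headers)!s:5} "
              f"token={token_ok(SESSION_TOKEN, form)}")
```

Only the token check separates the two requests that carry no Referer, since the lenient check accepts both and the strict check rejects both.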