[Full-disclosure] CSRF-ing “Blogger Classic”

pagvac unknown.pentester at gmail.com
Mon Jan 22 23:52:14 GMT 2007


A few days ago, an experiment on hijacking blogs through CSRF attacks
was published on GNUCITIZEN. In this particular case, the chosen
blogging platform for the experiment was Blogger. Now, a few days
later, I can confirm that Google has tokenized the requests that made
it possible to hijack a blog in a two-shot attack.

More info can be found at the following URL:

http://www.gnucitizen.org/blog/csrf-ing-blogger-classic

-- 
pagvac
[http://ikwt.com/]




Full-Disclosure is hosted and sponsored by Secunia.