CSRF & Working With Rails
Thursday, June 12th, 2008
About a week ago, Mislav Marohnic wrote about a simple CSRF attack on Working With Rails.
What Mislav exploited was the fact that Working With Rails didn’t require a POST request to create recommendations, so just by visiting his blog you’d inadvertently recommend him (if you were logged into WWR).
In less than 24 hours Mislav got […]
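The server-side check whose absence the post describes, as an added example (not code from Working With Rails or from the original post): the first handler creates a recommendation for any request that carries a logged-in session, the second only for a POST whose token matches the session. Session, the handler names and the status codes are assumptions for illustration; authenticity_token is the parameter name Rails uses for its CSRF token.

```ruby
require "securerandom"

# Constructed stand-in for a logged-in session (hypothetical, not WWR's model).
Session = Struct.new(:user, :csrf_token)

# Compare two strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Shape of the flaw: the session cookie alone authorizes the write, whatever
# the HTTP verb, so a request the user never intended is accepted.
def recommend_any_verb(store, session, _verb, params)
  return 401 unless session&.user
  store << [session.user, params["person"]]
  201
end

# Hardened: state changes only on POST, and only with the per-session token
# that a page on another origin cannot read.
def recommend_post_with_token(store, session, verb, params)
  return 401 unless session&.user
  return 405 unless verb == "POST"
  token = params["authenticity_token"].to_s
  return 403 unless secure_equal?(token, session.csrf_token)
  store << [session.user, params["person"]]
  201
end

# Constructed sample requests, all sent with the same logged-in session.
demo_session = Session.new("reader", SecureRandom.hex(16))
demo_store = []
requests = [
  ["GET",  { "person" => "author" }],                           # cross-site GET
  ["POST", { "person" => "author" }],                           # forged POST, no token
  ["POST", { "person" => "author",
             "authenticity_token" => demo_session.csrf_token }] # the site's own form
]
requests.each do |verb, params|
  weak = recommend_any_verb([], demo_session, verb, params)
  hard = recommend_post_with_token(demo_store, demo_session, verb, params)
  puts "#{verb.ljust(4)} token=#{params.key?('authenticity_token')} weak=#{weak} hardened=#{hard}"
end
```

In a Rails application the same two conditions come from routing the action to POST only and enabling protect_from_forgery in the controller.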