A few days ago, an experiment on hijacking blogs through CSRF attacks was published on GNUCITIZEN. In this particular case, the chosen blogging platform for the experiment was Blogger. Now, a few days later, I can confirm that Google has tokenized the requests that made it possible to hijack a blog in a two-shots attack.
More info can be found on the following URL:
http://www.gnucitizen.org/blog/csrf-ing-blogger-classic

--
pagvac
[http://ikwt.com/]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/