Hello Chris,

I can't share the exact code ;) , but here is something very similar:

<img src="http://slashdot.org/my/logout" height="1" width="1">

If I load a web page with the above code, it should log me out of 
Slashdot. It works in Mozilla (and Netscape), but not in I.E. 6.01 SP1.

Chris Shiflett <[EMAIL PROTECTED]>
08/16/2004 11:24 AM
Please respond to: [EMAIL PROTECTED]

To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1?

--- [EMAIL PROTECTED] wrote:
> My question: Is I.E. 6.01 SP1 doing something to foil the CSRF
> attack, i.e. only allow image extensions .gif .png .jpeg?????

This seems highly unlikely. Can you show us the code you're using to test?

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly
     Coming Fall 2004
HTTP Developer's Handbook - Sams
     http://httphandbook.org/
PHP Community Site
     http://phpcommunity.org/
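
The server-side counterpart to the image request discussed in this thread, as an added example that is not part of the original messages: a logout handler that refuses GET and requires a per-session token on POST, so a 1x1 image cannot trigger it in any browser. `csrf_token()`, `handle_logout()` and the session layout are hypothetical names, and the three requests are constructed.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Function names and the
// session layout are assumptions made for illustration.

// Issue one random token per session; the site embeds it in its logout form.
function csrf_token(array &$session): string
{
    if (!isset($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Returns [HTTP status, message]. Only a POST carrying the session's token
// ends the session. An <img> fetch is always a GET and carries no token.
function handle_logout(string $method, array $post, array &$session): array
{
    if ($method !== 'POST') {
        return [405, 'logout requires POST'];
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($supplied) || $expected === ''
        || !hash_equals($expected, $supplied)) {
        return [403, 'missing or invalid CSRF token'];
    }
    $session = []; // drop the login state
    return [200, 'logged out'];
}

// Constructed requests, run from the CLI (no web server needed).
$session = ['user' => 'alice'];
$token   = csrf_token($session);

$cases = [
    'GET from an embedded image' => ['GET', []],
    'POST without the token'     => ['POST', []],
    'POST from the site\'s form' => ['POST', ['csrf_token' => $token]],
];
foreach ($cases as $label => [$method, $post]) {
    [$status, $msg] = handle_logout($method, $post, $session);
    $state = isset($session['user']) ? 'still logged in' : 'session cleared';
    printf("%-28s -> %d %s (%s)\n", $label, $status, $msg, $state);
}
```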
