--- [EMAIL PROTECTED] wrote: > I can't share the exact code ;) , but here is something very > similar: > > <img src="http://slashdot.org/my/logout" height="1" width="1"> > > If I load a web page with the above code, it should log me out > of slashdot. It works in Mozilla (and netscape), but not in I.E. > 6.01 SP1
The best information would be if you can capture the exact HTTP transactions involved. For example, using something like ethereal, capture the request and response for Mozilla, and then do the same for IE 6.01 SP1. Short of that, you could create a URL specifically made for testing this. You can create a PHP file called csrf.php and another called csrf.png. Make .png files be interepreted as PHP (just for the purposes of this test), and then you can log a lot of useful information in your test scripts. Hope that helps. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming Fall 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php