hi someone report a security flaw of struts on wooyun,it allow you bypass the struts's csrf protection without XSS
much more information here: http://zone.wooyun.org/content/205 :) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/