Re^11: Perl Sessions and Cookies - Cookie don't get passed

Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.

So the browser handles data, user trusts the registration form is not a scam. Site B trusts the cookies/authinfo and applies the changes requested by the OP at Webserver A. == XSS.

Comment on Re^11: Perl Sessions and Cookies - Cookie don't get passed

Replies are listed 'Best First'.
Re^12: Perl Sessions and Cookies - Cookie don't get passed by Anonymous Monk on Mar 10, 2015 at 00:29 UTC
So the browser handles data, user trusts the registration form is not a scam. Site B trusts the cookies/authinfo and applies the changes requested by the OP at Webserver A. == XSS. No, you still haven't described an XSS attack, so I'm guessing you still haven't read that article. And as you're only quoting the second sentence of the CSRF article, I'm guessing you haven't read the rest of that, either. I suggest you do so before continuing the discussion.	[reply]

Replies are listed 'Best First'.

Re^12: Perl Sessions and Cookies - Cookie don't get passed
by Anonymous Monk on Mar 10, 2015 at 00:29 UTC

So the browser handles data, user trusts the registration form is not a scam. Site B trusts the cookies/authinfo and applies the changes requested by the OP at Webserver A. == XSS.

No, you still haven't described an XSS attack, so I'm guessing you still haven't read that article. And as you're only quoting the second sentence of the CSRF article, I'm guessing you haven't read the rest of that, either. I suggest you do so before continuing the discussion.

[reply]