Black Hat Europe 2007 - Kicking Down the Cross Domain Door
Cross Site Request Forgery (XSRF) has been billed as the newest weapon for cross domain web application exploitation. Despite the massive impact of XSRF, the attack remains extremely difficult to complete, as it requires an attacker to blindly strike against external domains, praying their attacks were successful. Now, imagine a new scenario... a scenario where an attacker can instantly see the results of their cross domain attacks. Imagine that an attacker can now steal cookies from a site you haven't been to in a week, brute force username/password combinations for internal network devices, or use your browser to run a Nikto scan against a website you've never visited!