2009-05-03 01:05:17

Fri, 10 Apr 09 18:39:40 -0600

Observe:
Log Out of Myspace

Didn't see anything?
Good. You are now logged out of MySpace.

Juvenile, yes, but it highlights a problem with many websites security: CSRF (Cross Site Request Forgery).

Basically, I just made a .htaccess file that redirects a random image to the myspace logout page and made the image invisible.

I could have just pasted the url into the src attribute, but this method is much more useful because it can be embedded in myspace its self, bypassing any security measures.

This is a very, very minor example, much more serious CSRF exploits can be done this way.