omniauth vulnerability #2
We just put our state in the user's session, then abort loading the page to avoid deleting our value, and then use OUR code with OUR state. CSRF again.
document.write('<iframe src="" name=im></iframe>');
document.write("<iframe src=''></iframe>");

weyus commented May 30, 2013

Is this saying that the presence of the state parameter creates an opportunity for CSRF? Can you explain the gist a little more?

Does the presence of the state parameter make any difference in this scenario?

My understanding is that the purpose of the state parameter itself is to help prevent CSRF (see: which states:

"Note: You may provide an optional state parameter to carry through any server-specific state you need to, for example, protect against CSRF issues."
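An added example, not part of the gist and not OmniAuth's own code: a sketch of server-side `state` handling in which the value is only an anti-CSRF token if the server mints it and consumes it once. The `OAuthState` module, its method names, the `oauth.state` session key and the Hash standing in for the session are all assumptions made for illustration.

```ruby
require "securerandom"

# Hypothetical helper; the session is modelled as a plain Hash.
module OAuthState
  KEY = "oauth.state" # hypothetical session key

  # Request phase: the state is always generated server-side. Any "state"
  # present in the incoming request is ignored, so a third party cannot
  # decide which value ends up in the user's session.
  def self.begin_flow(session, _request_params = {})
    session[KEY] = SecureRandom.hex(24)
  end

  # Callback phase: the stored value is removed before it is compared, so it
  # is single-use whether the check passes or fails.
  def self.valid_callback?(session, params)
    expected = session.delete(KEY)
    given = params["state"].to_s
    return false if expected.nil? || given.empty?
    secure_eq?(expected, given)
  end

  # Constant-time comparison for equal-length strings.
  def self.secure_eq?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  session = {}
  # A caller-supplied state (constructed sample value) is not honoured.
  minted = OAuthState.begin_flow(session, { "state" => "chosen-by-caller" })
  puts "minted differs from supplied: #{minted != 'chosen-by-caller'}"
  puts "callback with supplied value: #{OAuthState.valid_callback?(session, { 'state' => 'chosen-by-caller' })}"
  puts "state left in session after callback: #{session.key?(OAuthState::KEY)}"
end
```

A state that stays in the session after an interrupted flow is still unknown to anyone but the server and the authorization redirect, which is what makes the callback check meaningful.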
