3 comments

[ 2.5 ms ] story [ 18.6 ms ] thread
How is this CSRF? This is just phishing, CSRF is something completely different.
My thoughts exactly, there's no cross site requests happening, its all taking place on the phishing server (liviejournal.com)
"The attack will appear as though someone has left you a comment, but an image similar to the following will appear requesting your password:"

Without knowing anything about the attack my guess is that the author is probably confused with XSS.