[–] samarudge 14y ago ↗ How is this CSRF? This is just phishing, CSRF is something completely different. [–] MattBearman 14y ago ↗ My thoughts exactly, there's no cross site requests happening, its all taking place on the phishing server (liviejournal.com) [–] adammacleod 14y ago ↗ "The attack will appear as though someone has left you a comment, but an image similar to the following will appear requesting your password:"Without knowing anything about the attack my guess is that the author is probably confused with XSS.
[–] MattBearman 14y ago ↗ My thoughts exactly, there's no cross site requests happening, its all taking place on the phishing server (liviejournal.com)
[–] adammacleod 14y ago ↗ "The attack will appear as though someone has left you a comment, but an image similar to the following will appear requesting your password:"Without knowing anything about the attack my guess is that the author is probably confused with XSS.
3 comments
[ 2.5 ms ] story [ 18.6 ms ] threadWithout knowing anything about the attack my guess is that the author is probably confused with XSS.