There's a CSRF token in the form, but deleting it doesn't seem to cause the sear... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		mattbasta on May 26, 2013 \| parent \| context \| favorite \| on: PayPal.com XSS Vulnerability There's a CSRF token in the form, but deleting it doesn't seem to cause the search to fail.

tekacs on May 26, 2013 [–]

It's a search form.

It seems quite possible that CSRF checks could have been omitted in not expecting this to be a source of woe. Just goes to show... :P

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact