Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Johannes Ullrich

Threat Level: green

Date	Author	Title
CROSS SITE REQUEST FORGERY
2014-08-09	Adrien de Beaupre	Complete application ownage via Multi-POST XSRF
CROSS
2022-03-07/a>	Johannes Ullrich	No Bitcoin - No Problem: Follow Up to Last Weeks Donation Scam
2022-03-04/a>	Johannes Ullrich	Scam E-Mail Impersonating Red Cross
2014-08-09/a>	Adrien de Beaupre	Complete application ownage via Multi-POST XSRF
2013-02-11/a>	John Bambenek	Is This Chinese Registrar Really Trying to XSS Me?
2013-02-04/a>	Russ McRee	An expose of a recent SANS GIAC XSS vulnerability
2013-01-25/a>	Johannes Ullrich	Vulnerability Scans via Search Engines (Request for Logs)
2011-08-24/a>	Rob VandenBrink	Citrix Access Gateway Cross Site Scripting vulnerability and fix ==> http://support.citrix.com/article/CTX129971
2009-07-17/a>	John Bambenek	Cross-Platform, Cross-Browser DoS Vulnerability
SITE
2025-03-27/a>	Johannes Ullrich	Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218
2023-12-11/a>	Rob VandenBrink	What is sitemap.xml, and Why a Pentester Should Care
2021-08-04/a>	Yee Ching Tok	Pivoting and Hunting for Shenanigans from a Reported Phishing Domain
2021-06-24/a>	Xavier Mertens	Do you Like Cookies? Some are for sale!
2018-11-17/a>	Xavier Mertens	Quickly Investigating Websites with Lookyloo
2017-07-19/a>	Xavier Mertens	Bots Searching for Keys & Config Files
2017-04-07/a>	Xavier Mertens	Tracking Website Defacers with HTTP Referers
2017-01-14/a>	Xavier Mertens	Backup Files Are Good but Can Be Evil
2016-01-29/a>	Xavier Mertens	Scripting Web Categorization
2014-08-09/a>	Adrien de Beaupre	Complete application ownage via Multi-POST XSRF
2014-06-11/a>	Daniel Wesemann	Gimme your keys!
2013-02-22/a>	Johannes Ullrich	When web sites go bad: bible . org compromise
2013-02-11/a>	John Bambenek	Is This Chinese Registrar Really Trying to XSS Me?
2013-02-04/a>	Russ McRee	An expose of a recent SANS GIAC XSS vulnerability
2013-01-25/a>	Johannes Ullrich	Vulnerability Scans via Search Engines (Request for Logs)
2011-08-24/a>	Rob VandenBrink	Citrix Access Gateway Cross Site Scripting vulnerability and fix ==> http://support.citrix.com/article/CTX129971
2010-08-13/a>	Tom Liston	The Strange Case of Doctor Jekyll and Mr. ED
2010-04-26/a>	Raul Siles	Vulnerable Sites Database
2009-08-18/a>	Deborah Hale	Domain tcpdump.org unavailable
2009-08-18/a>	Deborah Hale	Website compromises - what's happening?
2009-05-27/a>	donald smith	Host file black lists
2009-05-05/a>	Bojan Zdrnja	Every dot matters
2008-08-02/a>	Maarten Van Horenbeeck	Issues affecting sites using Sitemeter [resolved]
2008-06-07/a>	Jim Clausing	Followup to 'How do you monitor your website?'
2008-04-24/a>	donald smith	Hundreds of thousands of SQL injections
REQUEST
2025-09-08/a>	Johannes Ullrich	HTTP Request Signatures
2014-08-09/a>	Adrien de Beaupre	Complete application ownage via Multi-POST XSRF
FORGERY
2014-08-09/a>	Adrien de Beaupre	Complete application ownage via Multi-POST XSRF

CROSS SITE REQUEST FORGERY

CROSS

SITE

REQUEST

FORGERY