struts csrf token bypass

[WooYun <root () wooyun org>]

hi

someone report a security flaw of struts on wooyun,it allow you bypass
the struts's csrf protection without XSS

much more information here:

http://zone.wooyun.org/content/205

:)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/