Web Application Security
Help with referer issues in XSS Mar 02 2012 06:55AM
Yuping Li (lyp20062392 gmail com) (1 replies)
Hi, all

Suppose there is a reflected XSS vulnerability in a pop SNS, but this
site is "concerned" about security, so they check the referer field of
certain POST requests to make sure that they are normal and correct. Is
it possible for me to bypass this check within JavaScript? It seems
that I can't set this parameter like this:

xmlHttp.setRequestHeader("Referer","http://expected.target");

It would be appreciated if someone can give me a clue.

Regards,

Re: Help with referer issues in XSS Mar 06 2012 03:21PM
gorka - (ray bradbury9 gmail com)


 
