Web Application Security
Help with referer issues in XSS Mar 02 2012 06:55AM
Yuping Li (lyp20062392 gmail com) (1 replies)
Re: Help with referer issues in XSS Mar 06 2012 03:21PM
gorka - (ray bradbury9 gmail com)
If you are using Firefox you have addons that let you specify whatever
you want in the referer field.

referer
https://addons.mozilla.org/en-US/firefox/addon/refcontrol/
or other header fields
https://addons.mozilla.org/en-US/firefox/addon/header-tool/

PS: Resending, didn't like the email mime type ^-^

2012/3/2 Yuping Li <lyp20062392 (at) gmail (dot) com>
>
> Hi, all
>
> Suppose there is a reflected XSS vulnerability in a pop SNS, but this
> site is "concerned" about security, so they check the referer field of
> certain POST requests to make sure that they are normal and correct. Is
> it possible for me to bypass this check within JavaScript? It seems
> that I can't set this parameter like this:
>
> xmlHttp.setRequestHeader("Referer","http://expected.target");
>
> It would be appreciated if someone can give me a clue.
>
> Regards,
>
>
>
> This list is sponsored by Cenzic
> --------------------------------------
> Let Us Hack You. Before Hackers Do!
> It's Finally Here - The Cenzic Website HealthCheck. FREE.
> Request Yours Now!
> http://www.cenzic.com/2009HClaunch_Securityfocus
> --------------------------------------
>
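
An added example, not part of the original thread: a server-side version of the Referer check the question describes, written so that it parses the header and compares the whole origin instead of trusting a raw string. The header is supplied by the client (the reply notes a user can set it to anything in their own browser), so the check says nothing about who the user is. The names `refererAllowed`, `headerValue` and `EXPECTED_ORIGIN` are hypothetical, and the sample requests are constructed.

```javascript
// Added example (not from the thread): strict Referer validation for
// state-changing requests. All names here are hypothetical.
const EXPECTED_ORIGIN = "http://expected.target"; // host used in the question

// Case-insensitive header lookup on a plain { name: value } object.
function headerValue(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return key === undefined ? undefined : headers[key];
}

function refererAllowed(method, headers, expectedOrigin = EXPECTED_ORIGIN) {
  // Only state-changing methods are checked.
  if (!["POST", "PUT", "PATCH", "DELETE"].includes(method.toUpperCase())) {
    return { ok: true, reason: "safe method" };
  }
  const raw = headerValue(headers, "referer");
  if (raw === undefined || raw === "") {
    // Fail closed: a missing header is not evidence of a same-site request.
    return { ok: false, reason: "missing referer" };
  }
  let parsed;
  try {
    parsed = new URL(raw);
  } catch {
    return { ok: false, reason: "malformed referer" };
  }
  // Compare scheme + host + port as one unit; never substring-match the URL.
  if (parsed.origin !== new URL(expectedOrigin).origin) {
    return { ok: false, reason: "origin mismatch" };
  }
  return { ok: true, reason: "origin match" };
}

// Constructed sample requests, one per outcome.
function runSamples() {
  const samples = [
    ["POST", { Referer: "http://expected.target/profile?id=1" }],
    ["POST", { referer: "http://EXPECTED.target:80/" }],
    ["POST", { Referer: "http://expected.target.example.net/" }],
    ["POST", { Referer: "https://expected.target/" }],
    ["POST", {}],
    ["POST", { Referer: "not a url" }],
    ["GET", {}],
  ];
  return samples.map(([m, h]) => refererAllowed(m, h).reason);
}
```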

Copyright 2010, SecurityFocus