Web Application Security
Re: Help with referer issues in XSS Mar 07 2012 04:35AM
Yuping Li (lyp20062392 gmail com) (2 replies)
Hi,

Thanks for all your response. The premise of my situation is that
there is a XSS bug in the site, and I want to utilize this vul to do
something more, for example, forge some post requests in my js code,
you may recall the glorious "Samy" story here. But the server is now
checking the referer field of any request, and the expected referer
should be like this: http://(www.)example.com(/xxx).

And can't be:
1, no referer
2, (example.com.***).attack.com/...

Until last second, I came to realize that the host part in the
referer field can only be http://(www.)example.com, and the request
will fail if the referer contain some sort of "xss attempt", but I can
only launch the post requests in the xssed page which means the xss
attempt will inevitable be contained in the referer field of a normal
request. Of course I can set it with firefox addons, but there is no
point here.

Seems if there is no programming way to set my own referer of my post
request and their xss detecting techniques of referer are good enough,
I may have no hope.

Yuping

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

[ reply ]
Re: Help with referer issues in XSS Mar 07 2012 06:48AM
Benedetto Nespoli (benedetto nespoli gmail com)
RE: Help with referer issues in XSS Mar 07 2012 06:01AM
Alan Tatourian (alan tatourian com)


 

Privacy Statement
Copyright 2010, SecurityFocus