WebApp Sec mailing list archives

Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications"


From: "Philippe P." <webappsec () philippe prados name>
Date: Fri, 17 Dec 2004 09:36:46 +0100

Hello,

I like this paper ( http://www.securenet.de/papers/Session_Riding.pdf ), but I would like to make some comments:

- In chapter 6.3.1, you say JavaScript can help to submit the URL 1) and the URL 2).

I think it's not necessary to use JavaScript for that. It's possible to return a special page with an image with a bad link, and a new link to manage the next step. The next step makes exactly the same: a page with an image and the next step. I think it's possible to make a complex scenario with this approach.

- In chapter 6, you propose countermeasures. But your propositions are complex. A better approach is to check the Referer header for each request with parameters. If the Referer is not compatible with the site, you can reject the request. It's very easy to install, and you can continue to use the HTTP cache.

Regards

Philippe PRADOS
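The Referer check proposed in the post, written out as an added example (it is not code from the post, the paper, or any project it mentions). The trusted host names, the request shapes and the sample headers are all constructed for the demonstration; only requests that carry query or form parameters are checked, so parameterless GETs stay cacheable as the post describes.

```python
from urllib.parse import urlsplit

# Constructed: the host names this application is served from (assumption).
TRUSTED_HOSTS = {"shop.example", "www.shop.example"}


def referer_host(headers):
    """Return the host name from the Referer header, or None if it is absent
    or cannot be parsed. urlsplit().hostname strips scheme, port, userinfo
    and path and lower-cases the result, so 'https://shop.example@evil.example/'
    yields 'evil.example', not 'shop.example'."""
    ref = headers.get("Referer")
    if not ref:
        return None
    try:
        return urlsplit(ref).hostname
    except ValueError:
        return None


def is_trusted_referer(headers, trusted_hosts=TRUSTED_HOSTS):
    """True only when the Referer host exactly matches a trusted host.
    Exact matching (rather than prefix or substring) is what keeps
    'shop.example.evil.example' from passing."""
    host = referer_host(headers)
    return host is not None and host in trusted_hosts


def should_reject(method, query, form, headers, trusted_hosts=TRUSTED_HOSTS):
    """Apply the rule from the post: every request with parameters must carry
    a Referer from this site; anything else is rejected. Requests without
    parameters are left alone, so ordinary page loads and cached GETs pass."""
    has_params = bool(query) or bool(form)
    if not has_params:
        return False
    return not is_trusted_referer(headers, trusted_hosts)


def demo():
    """Run the check over constructed requests and return the decisions."""
    cases = {
        # plain page load, no parameters: never checked
        "page_load": ("GET", {}, {}, {}),
        # state-changing form posted from our own site: accepted
        "own_form": ("POST", {}, {"to": "acct-42", "amount": "100"},
                     {"Referer": "https://shop.example/transfer"}),
        # same form with a Referer from another site: rejected
        "other_site": ("POST", {}, {"to": "acct-42", "amount": "100"},
                       {"Referer": "https://evil.example/page"}),
        # look-alike host that merely starts with our name: rejected
        "lookalike": ("POST", {}, {"to": "acct-42"},
                      {"Referer": "https://shop.example.evil.example/"}),
        # parameters but no Referer at all: rejected (see usage note)
        "no_referer": ("GET", {"action": "delete", "id": "7"}, {}, {}),
    }
    return {name: should_reject(*args) for name, args in cases.items()}


if __name__ == "__main__":
    for name, rejected in demo().items():
        print(f"{name:12s} -> {'REJECT' if rejected else 'allow'}")
```

One consequence of the rule is visible in the `no_referer` case: a client that sends no Referer (some privacy proxies and browser settings strip it) is rejected along with forged requests, so the check trades some legitimate traffic for simplicity. Matching the parsed host name exactly, instead of testing whether the Referer string starts with the site's URL, is what makes the `lookalike` case fail; a prefix test would let it through.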