WebApp Sec mailing list archives

Re: FW: blocking CSRF attacks


From: "Amit Klein" <aksecurity () gmail com>
Date: Thu, 20 Dec 2007 13:18:20 +0200

On Dec 19, 2007 9:26 PM, Paul Johnston <paj () pajhome org uk> wrote:
[...]

In a CSRF attack the victim's browser is making the request, so the
attacker does not get free control of the referer header. Sure, using
this as a security control is not perfect, but it does have some merit
as a quick fix.


I beg to differ:

"Forging HTTP request headers with Flash"
http://www.webappsec.org/lists/websecurity/archive/2006-07/msg00069.html

http://ha.ckers.org/blog/20060725/forging-http-request-headers-with-flash/

"HTTP Header Injection Vulnerabilities in the Flash Player Plugin"
http://download2.rapid7.com/r7-0026/

"Exploiting the XmlHttpRequest object in IE - Referrer spoofing, and a lot more..."
http://www.webappsec.org/lists/websecurity/archive/2005-09/msg00019.html

-Amit
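Both positions in this exchange side by side, as an added example that is not part of the original thread or either author's code: the Referer check that Paul calls a quick fix, written to fail closed when the header is absent, and a synchronizer-token check that does not depend on any request header and so is unaffected by the header-forging techniques Amit lists. The origin `https://bank.example`, the request headers and the function names are all constructed for this example. The header check also consults the Origin header, which modern browsers send on cross-site POSTs and which did not figure in this 2007 thread.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed for this example: the application's own origin(s).
ALLOWED_ORIGINS = {"https://bank.example"}
STATE_CHANGING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def origin_of(url):
    """Return scheme://host[:port] (lower-cased) for a URL, or None if it
    has no scheme or host (e.g. the literal value "null")."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}"


def referer_check(method, headers):
    """The 'quick fix': reject state-changing requests whose Origin/Referer
    does not name one of our own origins. Returns (allowed, reason).
    A missing header is rejected (fail closed): an absent header proves
    nothing. The check is only as strong as the browser's guarantee that
    the header is not client-controlled, which is the weakness the thread
    is about, so it is a stop-gap, not a substitute for a token."""
    if method.upper() not in STATE_CHANGING_METHODS:
        return True, "safe method"
    # Prefer Origin (sent by modern browsers), fall back to Referer.
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False, "no Origin/Referer header"
    origin = origin_of(src)
    if origin is None:
        return False, "unparseable source"
    if origin in ALLOWED_ORIGINS:
        return True, "same-origin source"
    return False, f"cross-site source {origin}"


def issue_token(session):
    """Bind a fresh random CSRF token to the server-side session and return
    it so the application can embed it in its own forms."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def token_check(method, session, form):
    """Synchronizer-token check: the submitted form must carry the token
    stored in this user's session. A cross-site page cannot read that
    value, so the check holds even against a client that can set
    arbitrary request headers. Returns (allowed, reason)."""
    if method.upper() not in STATE_CHANGING_METHODS:
        return True, "safe method"
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token")
    if not expected or not supplied:
        return False, "missing token"
    # Constant-time comparison avoids leaking the token through timing.
    if not hmac.compare_digest(expected, supplied):
        return False, "token mismatch"
    return True, "token ok"


if __name__ == "__main__":
    # Constructed requests: same-site, cross-site, and header-less.
    for hdrs in ({"Referer": "https://bank.example/transfer"},
                 {"Referer": "https://attacker.example/page"},
                 {"Origin": "null"},
                 {}):
        print("referer_check POST", hdrs, "->", referer_check("POST", hdrs))

    session = {}
    tok = issue_token(session)
    print("token_check good  ->", token_check("POST", session, {"csrf_token": tok}))
    print("token_check wrong ->", token_check("POST", session, {"csrf_token": "guess"}))
    print("token_check none  ->", token_check("POST", session, {}))
```

The two checks are complementary rather than interchangeable: the header check costs nothing to deploy and catches the ordinary cross-site form post, while the token check is the one to rely on, because its secret never travels in a header the client might be able to set.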
