WebApp Sec mailing list archives
Re: CSRF attack in Firefox
From: "Ali, Saqib" <docbook.xml () gmail com>
Date: Tue, 18 Mar 2008 10:00:15 -0700
Vishal,

Can you please provide more info about what the servlet does? Same Origin Policy is usually for client side components (Applets, Javascripts) and not for server side components.

saqib
http://doctrina.wordpress.com/

On Tue, Mar 18, 2008 at 7:46 AM, Vishal Garg <vishal () firstbase co uk> wrote:
> Hi List,
>
> I have tested the following attack in Firefox and it has worked successfully, while I would not have expected this to work because of the same origin policy in Firefox. The Firefox version I am using is 2.0.0.12.
>
> http://www.victim.com/webapp/wcs/servlet/ImagePopup?storeId=111&imageName=image1.jpg&imageText=%3Cimg%20src=http://www.attacker.com/images/image2.jpg%3E
>
> Can someone please explain why this attack works in Firefox?
>
> Thanks in advance...
>
> cheers
> Vishal
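As an added illustration that is not part of the thread, a Python stand-in for what a reflecting servlet does with the imageText parameter in the URL quoted above: the browser's same-origin policy limits what script may read across origins, it never stopped a page from embedding an image from another origin, so a tag echoed unencoded into the response simply becomes live markup. The HTML template and function names are assumptions, not the real ImagePopup servlet.

```python
# Added example, not code from the thread or from the servlet under discussion.
# The URL is the one quoted in Vishal's message; the page template is invented.
from html import escape
from urllib.parse import urlsplit, parse_qs

URL = ("http://www.victim.com/webapp/wcs/servlet/ImagePopup?storeId=111"
       "&imageName=image1.jpg&imageText=%3Cimg%20src=http://www.attacker.com"
       "/images/image2.jpg%3E")


def params(url):
    """Decode the query string the way a servlet's getParameter() would."""
    q = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {k: v[0] for k, v in q.items()}


def render_unsafe(p):
    """Reflects imageText verbatim: whatever the URL carries becomes markup.

    The same-origin policy plays no part here; the browser is just told to
    load a second <img> from another host, which it has always been allowed
    to do.
    """
    return (f'<html><body><img src="/images/{p["imageName"]}">'
            f'<p>{p["imageText"]}</p></body></html>')


def render_safe(p):
    """Same page, but every untrusted value is HTML-encoded for its context."""
    return (f'<html><body>'
            f'<img src="/images/{escape(p["imageName"], quote=True)}">'
            f'<p>{escape(p["imageText"], quote=True)}</p></body></html>')


def contains_injected_tag(html_doc):
    """Crude check: does the reflected parameter survive as a live element?"""
    return "<img src=http://www.attacker.com" in html_doc


if __name__ == "__main__":
    p = params(URL)
    print("decoded imageText:", p["imageText"])
    print("unsafe page carries injected tag:", contains_injected_tag(render_unsafe(p)))
    print("safe page carries injected tag:  ", contains_injected_tag(render_safe(p)))
```

The encoded version shows the tag as literal text inside the paragraph, so no second request is issued; that, not the browser's origin checks, is the control that decides the outcome.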
Current thread:
- CSRF attack in Firefox Vishal Garg (Mar 18)
- Re: CSRF attack in Firefox Jamie Riden (Mar 18)
- Re: CSRF attack in Firefox Ali, Saqib (Mar 18)