WebApp Sec mailing list archives
Help with referer issues in XSS
From: Yuping Li <lyp20062392 () gmail com>
Date: Fri, 2 Mar 2012 14:55:34 +0800
Hi all,

Suppose there is a reflected XSS vulnerability in a pop SNS, but this site is "concerned" about security, so they check the referer field of certain POST requests to make sure that they are normal and correct. Is it possible for me to bypass this check within JavaScript? It seems that I can't set this parameter like this:

    xmlHttp.setRequestHeader("Referer","http://expected.target");

It would be appreciated if someone can give me a clue.

Regards,