WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Help with referer issues in XSS

From: gorka - <ray.bradbury9 () gmail com>
Date: Tue, 6 Mar 2012 16:21:46 +0100
If you are using firefox you have addons that let you specify whatever
you want in the referer field.

referer
https://addons.mozilla.org/en-US/firefox/addon/refcontrol/
or other header fields
https://addons.mozilla.org/en-US/firefox/addon/header-tool/

PS: Resending, dind like the email mime type ^-^

2012/3/2 Yuping Li <lyp20062392 () gmail com>


Hi, all

Suppose there is a reflect XSS vulnerability in a pop SNS, but this
site is "concerned" about security, so they check the referer field of
certain POST request to make sure that they are normal and correct. Is
it possible for me to bypass this check within javascript? It seems
that I can't set this parameter like this:

xmlHttp.setRequestHeader("Referer","http://expected.target";);

It would be appreciated if someone can give me a clue.

Regards,



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------





This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: