WebApp Sec mailing list archives
Re: Help with referer issues in XSS
From: gorka - <ray.bradbury9 () gmail com>
Date: Tue, 6 Mar 2012 16:21:46 +0100
If you are using Firefox you have addons that let you specify whatever you want in the Referer field.

Referer: https://addons.mozilla.org/en-US/firefox/addon/refcontrol/
or other header fields: https://addons.mozilla.org/en-US/firefox/addon/header-tool/

PS: Resending, didn't like the email MIME type ^-^

2012/3/2 Yuping Li <lyp20062392 () gmail com>
> Hi, all
>
> Suppose there is a reflected XSS vulnerability in a pop SNS, but this site is "concerned" about security, so they check the referer field of certain POST requests to make sure that they are normal and correct.
>
> Is it possible for me to bypass this check within JavaScript? It seems that I can't set this parameter like this:
>
> xmlHttp.setRequestHeader("Referer","http://expected.target");
>
> It would be appreciated if someone can give me a clue.
>
> Regards,