
Re: [WEB SECURITY] Announcement: The Cross-site Request Forgery FAQ



> If you provide the user with a token that changes on per request basis and expires after being used
> how can this be defeated? Prompting the user per action would also halt this action and has been added to the document
> as an additional solution.
>   
Internet Explorer's mhtml: protocol has been vulnerable for more than 6 months
(or has it been fixed in the meantime?)
With IE, JavaScript can read the content of pages. This means the CSRF
attack just loads the page in the background via MHTML, reads the token,
and voilà.

Of course, with Flash requests this is also possible. It has been shown in the
past that many sites have wrongly configured crossdomain.xml files, and
in many other cases the loadPolicyFile function of Flash objects can load
policies from files uploaded to the web application.

Stefan Esser

----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
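As an added example, not part of Stefan Esser's post or the list archive: the crossdomain.xml weaknesses he refers to can be checked mechanically. The Python audit below parses a Flash cross-domain policy and flags the conditions that let a third-party SWF read authenticated pages (and thus per-request tokens) cross-origin: a wildcard `allow-access-from`, wildcard request headers, and a missing or permissive `site-control` meta-policy. The meta-policy matters for the upload case: with `permitted-cross-domain-policies="master-only"`, Flash Player ignores any other policy file on the host, so a policy smuggled in through a file upload and pointed at via `Security.loadPolicyFile()` is not honoured. The two sample policies and the function name are constructed for illustration.

```python
"""Audit a Flash crossdomain.xml policy for the misconfigurations that let
arbitrary origins read responses (and CSRF tokens) from a site.

Added example; the sample policies below are constructed, not taken from
any real site."""
import xml.etree.ElementTree as ET

# Constructed sample: a permissive policy. Any SWF on any origin may read
# responses, and may send arbitrary headers, with the victim's cookies.
WEAK_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*"/>
  <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
"""

# Constructed sample: a hardened master policy. 'master-only' makes Flash
# Player ignore every other policy file on this host, which defeats policies
# planted via file upload and Security.loadPolicyFile(); access is limited
# to one named origin over HTTPS.
STRICT_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="www.example.com" secure="true"/>
</cross-domain-policy>
"""


def audit_crossdomain_policy(xml_text):
    """Return a list of finding strings; an empty list means nothing flagged."""
    findings = []
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        return ["root element is not <cross-domain-policy>"]

    # 1. Wildcard or overly broad domains give every origin read access.
    for el in root.findall("allow-access-from"):
        domain = el.get("domain", "")
        if domain == "*":
            findings.append('allow-access-from domain="*" grants all origins read access')
        elif domain.startswith("*."):
            findings.append(f'allow-access-from domain="{domain}" grants a whole wildcard domain')
        # secure defaults to true; false lets http:// SWFs read an https:// site.
        if el.get("secure", "true").lower() == "false":
            findings.append(f'allow-access-from domain="{domain}" has secure="false"')

    # 2. Arbitrary request headers from any origin.
    for el in root.findall("allow-http-request-headers-from"):
        if el.get("domain") == "*" or el.get("headers") == "*":
            findings.append("allow-http-request-headers-from permits wildcard domains or headers")

    # 3. Meta-policy: only master-only or none stop Security.loadPolicyFile()
    #    from honouring policy files at other paths (e.g. uploaded content).
    site_control = root.find("site-control")
    permitted = (site_control.get("permitted-cross-domain-policies")
                 if site_control is not None else None)
    if permitted is None:
        findings.append("no <site-control> meta-policy; set "
                        'permitted-cross-domain-policies="master-only"')
    elif permitted not in ("master-only", "none"):
        findings.append(f'permitted-cross-domain-policies="{permitted}" '
                        "allows non-master policy files to be loaded")
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("strict", STRICT_POLICY)):
        print(name, audit_crossdomain_policy(policy) or ["no findings"])
```

Run it against a site's `/crossdomain.xml`; a policy that survives with no findings still only protects against the Flash vector, not against the browser-side cross-origin read the post describes for IE's mhtml: handler.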


