WebApp Sec
mailing list archives
Re: CSRF attack in Firefox
From: "Ali, Saqib" <docbook.xml () gmail com>
Date: Tue, 18 Mar 2008 10:00:15 -0700
Vishal,
Can you please provide more info about what the servlet does? Same
Origin Policy is usually for client-side components (Applets,
JavaScript) and not for server-side components.
saqib
http://doctrina.wordpress.com/
On Tue, Mar 18, 2008 at 7:46 AM, Vishal Garg <vishal () firstbase co uk> wrote:
Hi List,
I have tested the following attack in Firefox and it has worked
successfully, while I would not have expected this to work because of
the same origin policy in Firefox. The Firefox version I am using is 2.0.0.12.
http://www.victim.com/webapp/wcs/servlet/ImagePopup?storeId=111&imageName=image1.jpg&imageText=%3Cimg%20src=http://www.attacker.com/images/image2.jpg%3E
Can someone please explain why this attack works in Firefox?
Thanks in advance...
cheers
Vishal
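The request in Vishal's post reflects the `imageText` parameter straight into the page, so the injected `<img>` tag is parsed as markup. The same-origin policy does not stop that: it restricts what script can read from another origin, not which origins a page may embed images from, so an injected `<img src=http://www.attacker.com/...>` loads exactly as any other image would. The following added example (not the servlet from the thread, whose internals are unknown) models a hypothetical popup handler in Python: one version reflects the parameter verbatim and one HTML-encodes it, and a small check counts how many `<img` tags each rendered page contains. The sample URL is copied from the post; the handler logic and function names are assumptions.

```python
from html import escape
from urllib.parse import parse_qs, urlparse

# Sample request URL taken from the thread (the host names are the ones the post used).
SAMPLE_URL = (
    "http://www.victim.com/webapp/wcs/servlet/ImagePopup"
    "?storeId=111&imageName=image1.jpg"
    "&imageText=%3Cimg%20src=http://www.attacker.com/images/image2.jpg%3E"
)


def query_params(url):
    """Parse the query string into a dict of single values.

    parse_qs percent-decodes each value, as a servlet container does before
    getParameter() returns it, so %3C/%3E come back as '<' and '>'.
    """
    parsed = parse_qs(urlparse(url).query)
    return {name: values[0] for name, values in parsed.items()}


def render_popup_unsafe(params):
    """Hypothetical vulnerable rendering: the parameters land in the HTML untouched.

    Anything the client puts in imageText becomes markup, which is what the
    thread observed.
    """
    return (
        f'<img src="/images/{params["imageName"]}">'
        f'<p>{params["imageText"]}</p>'
    )


def render_popup_safe(params):
    """Hardened rendering: every reflected parameter is HTML-encoded.

    escape() turns '<', '>', '&' and (with quote=True) quote characters into
    entities, so the browser shows the text instead of parsing it as a tag.
    """
    return (
        f'<img src="/images/{escape(params["imageName"], quote=True)}">'
        f'<p>{escape(params["imageText"], quote=True)}</p>'
    )


def img_tag_count(page):
    """Count '<img' occurrences; the template itself contributes exactly one.

    Anything above one means client-supplied markup made it into the page.
    """
    return page.lower().count("<img")


if __name__ == "__main__":
    params = query_params(SAMPLE_URL)
    print("decoded imageText:", params["imageText"])
    print("unsafe page has", img_tag_count(render_popup_unsafe(params)), "<img> tags")
    print("safe page has", img_tag_count(render_popup_safe(params)), "<img> tags")
```

Running it shows the unsafe page carrying two `<img>` tags (the template's own plus the injected one) and the encoded page carrying only the template's. In a real servlet the same fix is contextual output encoding at the point where the value is written into the response; which encoding applies depends on whether the value lands in HTML text, an attribute, a URL or a script block.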