WebApp Sec mailing list archives

Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1?


From: Chris Shiflett <shiflett () php net>
Date: Mon, 16 Aug 2004 13:41:04 -0700 (PDT)

--- Octavian Rasnita <orasnita () fcc ro> wrote:
> Why is it so important if Internet Explorer allows URLs of images
> where the file name is only .jpg, .png, or .gif?
>
> A URL can be something like:
>
> http://www.site.com/script.php/image.jpg?logout=true

This is definitely true, but as I mentioned in a previous reply, the point
of most CSRF attacks is to spoof a request from a trusted user to another
Web site. Thus, both the user and the other Web site are the victims. Most
Web sites don't have pages that use the .png extension. The attacker isn't
the receiving site; he/she is the person launching the attack that causes
the spoofed request.

For more information, since I fear my brief description is inadequate, you
can see these resources:

http://shiflett.org/articles/foiling-cross-site-attacks
http://shiflett.org/talks/oscon2004/foiling-cross-site-attacks
http://shiflett.org/php-security.pdf

Hope that helps.

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly
     Coming Fall 2004
HTTP Developer's Handbook - Sams
     http://httphandbook.org/
PHP Community Site
     http://phpcommunity.org/
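
Added example, not part of the original message or of the linked resources: a logout handler that stays safe no matter how the URL is dressed up. A URL such as script.php/image.jpg?logout=true still runs script.php, so the handler refuses any state change that is not a POST carrying the session's token. The function names, the csrf_token field name and the redirect target are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

session_start();

// Issue one random token per session; the logout form embeds it in a hidden field.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// A request may change state only if it is a POST that carries the session's token.
// An <img src="..."> fetch is always a GET without the token, whatever extension
// or extra path segment (PATH_INFO) the URL shows.
function is_valid_logout_request(string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {
        return false;
    }
    $sent     = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    return is_string($sent) && is_string($expected)
        && $expected !== '' && hash_equals($expected, $sent);
}

if (isset($_GET['logout']) || isset($_POST['logout'])) {
    if (!is_valid_logout_request($_SERVER['REQUEST_METHOD'] ?? 'GET', $_POST, $_SESSION)) {
        http_response_code(403);
        exit('Invalid logout request');
    }
    $_SESSION = [];      // drop session data
    session_destroy();   // end the session on the server
    header('Location: /');
    exit;
}

$token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
?>
<form method="post" action="/script.php">
    <input type="hidden" name="csrf_token" value="<?= $token ?>">
    <button type="submit" name="logout" value="true">Log out</button>
</form>
```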

