Re: recent 'cross site scripting' CERT advisory

From: Mikael Olsson (mikael.olssonat_private)
Date: Tue Feb 08 2000 - 23:29:11 PST


Taneli Huuskonen wrote:
>
> Now, if trusted.com's
> webserver refused to serve anything else but the index page unless the
> Referer: field contained a trusted.com URL, this attack would be foiled.
>
> Now, is there a way to trick a browser into lying about the referrer?
>

According to
http://www.securiteam.com/securitynews/DHTML_makes_HTTP_REFERER_an_unreliable_sanity_check.html

it is possible for DHTML to lie about the referer.

(I believe this was originally a post here on Bugtraq, but I might
be wrong; could be some other mailing list I'm on too..)

/Mike

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 105 50           Fax: +46 (0)660 122 50
Mobile: +46 (0)70 248 00 33
WWW: http://www.enternet.se        E-mail: mikael.olssonat_private
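The Referer policy proposed in the quoted message, written out as an added example (this is not code from either poster): a server-side decision function that serves only the index page unless the Referer header names a trusted host. It shows two things a practitioner would want to know before relying on such a check: a naive substring match accepts unrelated hosts that merely contain the trusted name, so the comparison has to be on the parsed hostname; and the header is entirely client-supplied, so a request carrying a well-formed trusted Referer is accepted whether or not the user really came from there, and a legitimate user whose browser sends no Referer at all is refused. The host names, paths and request headers below are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed: hosts the site owner considers its own.
TRUSTED_HOSTS = {"trusted.com", "www.trusted.com"}


def referer_host(headers):
    """Return the lowercase hostname from the Referer header, or None when
    the header is absent, empty or not parsable as a URL."""
    value = headers.get("Referer")
    if not value:
        return None
    try:
        host = urlsplit(value).hostname
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    return host.lower() if host else None


def referer_looks_trusted(headers):
    """Hostname comparison: exact match against the trusted set."""
    host = referer_host(headers)
    return host is not None and host in TRUSTED_HOSTS


def naive_substring_check(headers):
    """The tempting but wrong version: 'trusted.com' anywhere in the header."""
    return "trusted.com" in headers.get("Referer", "")


def decide(path, headers):
    """Policy from the quoted proposal: the index page is always served;
    everything else requires a trusted Referer."""
    if path == "/":
        return "serve"
    return "serve" if referer_looks_trusted(headers) else "refuse"


# Constructed sample requests covering the cases that matter.
SAMPLE_REQUESTS = [
    ("/", {}),                                                      # index: always served
    ("/account", {}),                                               # no Referer (typed URL, privacy setting): refused
    ("/account", {"Referer": "http://trusted.com/index.html"}),     # looks like a site-internal link: served
    ("/account", {"Referer": "http://trusted.com.evil.example/"}),  # substring trap: hostname differs
    ("/account", {"Referer": "http://evil.example/?next=http://trusted.com/"}),  # substring trap in query
    ("/account", {"Referer": "not a url"}),                         # unparsable: refused
]


def evaluate_all():
    """Return (path, referer, hostname decision, naive decision) for each sample."""
    return [
        (path, headers.get("Referer"), decide(path, headers), naive_substring_check(headers))
        for path, headers in SAMPLE_REQUESTS
    ]


if __name__ == "__main__":
    for path, referer, outcome, naive in evaluate_all():
        print(f"{path:10} Referer={referer!r:45} hostname check: {outcome:7} naive substring: {naive}")
```

Because the server only ever sees the bytes the client chose to send, the third request is indistinguishable from one generated by a page the client never visited; that is why the linked SecuriTeam note calls the header an unreliable sanity check rather than an access control.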

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:33:58 PDT