WebApp Sec mailing list archives
RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1?
From: "Michael Silk" <michaels () phg com au>
Date: Wed, 18 Aug 2004 08:38:23 +1000
IE might decide, based on mime type, whether or not the linked image is really an 'image' (I Hope it wouldn't only check the extension). But of course, even checking the mime-type won't help at all if the you have control over the server as you can link to x.jpg, perform the logout, or login, or whatever, and then write out a bytes for a jpeg. I'm not sure what point the random number would have ... -----Original Message----- From: Ed Lazor [mailto:Ed.Lazor () d20News com] Sent: Tuesday, 17 August 2004 5:01 AM To: Saqib.N.Ali () seagate com; shiflett () php net Cc: php-general () lists php net; webappsec () securityfocus com Subject: RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? What if you add a random seed to the URL? <img src="http://slashdot.org/my/logout?fluff=<?php echo rand(1,200);?>" height="1" width="1">
-----Original Message----- Hello Chris, I can't share the exact code ;) , but here is something very similar: <img src="http://slashdot.org/my/logout" height="1" width="1"> If I load a web page with the above code, it should log me out of slashdot. It works in Mozilla (and netscape), but not in I.E. 6.01 SP1
This email message and accompanying data may contain information that is confidential and/or subject to legal privilege. If you are not the intended recipient, you are notified that any use, dissemination, distribution or copying of this message or data is prohibited. If you have received this email message in error, please notify us immediately and erase all copies of this message and attachments. This email is for your convenience only, you should not rely on any information contained herein for contractual or legal purposes. You should only rely on information and/or instructions in writing and on company letterhead signed by authorised persons.
Current thread:
- Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Chris Shiflett (Aug 17)
- <Possible follow-ups>
- Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Chris Shiflett (Aug 17)
- RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Jay Blanchard (Aug 17)
- RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Chris Shiflett (Aug 17)
- RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Chris Shiflett (Aug 17)
- Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Octavian Rasnita (Aug 17)
- Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Chris Shiflett (Aug 17)
- Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Octavian Rasnita (Aug 17)
- Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Chris Shiflett (Aug 17)
- RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Vail, Warren (Aug 17)
- RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Ed Lazor (Aug 17)
- RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1? Michael Silk (Aug 18)