WebApp Sec mailing list archives
RE: Help with referer issues in XSS
From: "Alan Tatourian" <alan () tatourian com>
Date: Tue, 6 Mar 2012 22:01:24 -0800
If you want to create a script setting headers and exploiting XSS, that you could redistribute to potential victims via email, you can't. But there are a number of ways to set a 'referer' via various tools or in lower-level languages. You could also write a script that would take a victim to an evilguy.com which would do the harm setting headers, etc... There are other more sophisticated ways like man-in-the-middle attacks that would also work.

Alan Tatourian

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Yuping Li
Sent: Tuesday, March 06, 2012 8:36 PM
To: Ward, Jon; ray.bradbury9 () gmail com; stefano.dipaola () wisec it
Cc: webappsec () securityfocus com; websecurity () webappsec org
Subject: Re: Help with referer issues in XSS

Hi,

Thanks for all your responses. The premise of my situation is that there is an XSS bug in the site, and I want to utilize this vul to do something more, for example, forge some post requests in my js code; you may recall the glorious "Samy" story here. But the server is now checking the referer field of any request, and the expected referer should be like this: http://(www.)example.com(/xxx). And it can't be:
1, no referer
2, (example.com.***).attack.com/...

Until the last second, I came to realize that the host part in the referer field can only be http://(www.)example.com, and the request will fail if the referer contains some sort of "xss attempt", but I can only launch the post requests in the xssed page, which means the xss attempt will inevitably be contained in the referer field of a normal request. Of course I can set it with Firefox addons, but there is no point here. It seems that if there is no programming way to set my own referer for my post request and their xss detecting techniques for the referer are good enough, I may have no hope.

Yuping

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
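
The server-side check described in the quoted message (an exact http://(www.)example.com host, no missing referer, no "xss attempt" in the URL), sketched as an added example that is not part of the original thread or of any site's real code. The names `ALLOWED_HOSTS`, `SUSPICIOUS` and `check_referer` and the sample headers are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed policy, modelled on the thread: only http://(www.)example.com(/xxx).
ALLOWED_HOSTS = {"example.com", "www.example.com"}
# Crude markers of reflected script content (illustrative, not exhaustive).
SUSPICIOUS = re.compile(r"[<>\"']|javascript:", re.IGNORECASE)


def check_referer(referer):
    """Return (allowed, reason) for the Referer of a state-changing request."""
    if not referer:
        return False, "missing referer"
    try:
        parts = urlsplit(referer.strip())
        host = parts.hostname          # lower-cased, without port or userinfo
    except ValueError:
        return False, "unparseable referer"
    if parts.scheme not in ("http", "https"):
        return False, "unexpected scheme"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in referer"
    # Exact match, never startswith/substring: example.com.x.attack.com fails.
    if host not in ALLOWED_HOSTS:
        return False, "foreign host"
    # Decode a few rounds so double-encoded markup (%253C) is still seen.
    tail = parts.path + "?" + parts.query
    for _ in range(3):
        decoded = unquote(tail)
        if decoded == tail:
            break
        tail = decoded
    if SUSPICIOUS.search(tail):
        return False, "script-like content in referer"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample headers, not taken from the thread.
    for sample in (None,
                   "http://www.example.com/profile?id=7",
                   "http://example.com.evil.attack.com/page",
                   "http://example.com@attack.com/",
                   "http://www.example.com/search?q=%253Cb%253E"):
        print(repr(sample), check_referer(sample))
```

A check like this is defense in depth only: it does not remove the XSS bug, which still needs output encoding at the injection point.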