WebApp Sec mailing list archives

Re: [PHP] CSRF attack not possible in I.E. 6.01 SP1?


From: "Octavian Rasnita" <orasnita () fcc ro>
Date: Mon, 16 Aug 2004 22:57:17 +0300

Why is it so important if Internet Explorer allows URLs of images where the
file name is only .jpg, .png, or .gif?

A URL can be something like:

http://www.site.com/script.php/image.jpg?logout=true

Internet Explorer might think that the file is a .jpg and that script.php is
a directory, but only the target web server knows which is the program.
Or PHP code might be contained in an "image.jpg" file.

Teddy


----- Original Message -----
From: "Chris Shiflett" <shiflett () php net>
To: <Saqib.N.Ali () seagate com>
Cc: "Jay Blanchard" <jay.blanchard () niicommunications com>;
<php-general () lists php net>; <webappsec () securityfocus com>
Sent: Monday, August 16, 2004 9:52 PM
Subject: RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1?


--- Saqib.N.Ali () seagate com wrote:
> And I'm sure all PHP developers check their applications for
> CSRF vulnerability, in various browsers (including I.E.).

I speak about CSRF in many of the talks I give, and I think you'd be
surprised by how many people haven't even heard of it.

> As a PHP/Java developer, I would be interested to know what
> I.E. is doing in their browsers to prevent CSRF attacks. I'm
> not trying to start a browser war here.

Well, to be fair, even if it is true that IE does not request a URL
referenced in an img tag unless the file extension matches a known image
type, this isn't a complete or even optimal solution to the problem. Also,
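
The point raised in this thread, as an added example that is not part of the original messages: a check on the file extension of a URL says nothing about which program the server runs. The resolution rule below is a simplified assumption (the first path segment with a script extension is the program, the rest is extra path information), and the function names and the second sample URL are constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit, parse_qs

IMAGE_EXTS = {".jpg", ".png", ".gif"}  # extensions named in the thread
DEFAULT_SCRIPT_EXTS = {".php"}         # assumption: server hands .php files to PHP


def looks_like_image(url):
    """Client-side view: judge the URL only by the extension at the end of its path."""
    path = urlsplit(url).path
    return posixpath.splitext(path)[1].lower() in IMAGE_EXTS


def server_view(url, script_exts=DEFAULT_SCRIPT_EXTS):
    """Server-side view under the simplified rule: walk the path left to right,
    the first segment with a script extension is the program, and whatever
    follows is passed to it as extra path information."""
    parts = urlsplit(url)
    segments = [s for s in parts.path.split("/") if s]
    query = parse_qs(parts.query)
    for i, seg in enumerate(segments):
        if posixpath.splitext(seg)[1].lower() in script_exts:
            rest = segments[i + 1:]
            return {
                "script": "/" + "/".join(segments[: i + 1]),
                "path_info": "/" + "/".join(rest) if rest else "",
                "query": query,
            }
    return {"script": None, "path_info": parts.path, "query": query}


def extension_check_is_misleading(url, script_exts=DEFAULT_SCRIPT_EXTS):
    """True when the URL passes the image-extension test yet a program handles it."""
    return looks_like_image(url) and server_view(url, script_exts)["script"] is not None


if __name__ == "__main__":
    samples = [
        "http://www.site.com/script.php/image.jpg?logout=true",  # URL from the thread
        "http://www.site.com/images/logo.png",                   # constructed sample
    ]
    for url in samples:
        print(url, looks_like_image(url), server_view(url))
    # Second case from the thread: a server set up to run "image.jpg" as PHP.
    print(server_view("http://www.site.com/image.jpg", {".php", ".jpg"}))
```
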

