WebApp Sec mailing list archives
IE cookie menagment and CSRF
From: lazy <lazy () gwsh gda pl>
Date: Fri, 20 Aug 2004 16:04:25 +0200
Hi All, Recently while toying with CSRF XSS I found out that when I place sth. like<img src=”domainB/logout.php”> on domainA IE(6.0.2800.1106.xpsp2.030422-1633) sends cookies from siteB. and Mozilla 1.7.2 don't. Thins means that some web page on domainA can force any GET request as previously authorized user on domainB.
(imaginary scenario) 1)user logs on e-bay 2)wants to buy a book from attacker3)attacker makes a webpage „See what I sell on ebay” with <img src=”http://ebay.com/bid.cgi?item=34345&price=99999”> and links it to the auction
4)when user views his page he not wilingly bids 999999$ on an itemI think that Mozilla does right not sending cookies because domains of the cookies should apply to originating html document if it's an image not a link. Am i right ?
What do You thing about it ? Is it a bug or it's ok and we should use only POST methods for important forms?
-- Lazy
Current thread:
- IE cookie menagment and CSRF lazy (Aug 20)
- Re: IE cookie menagment and CSRF Saqib . N . Ali (Aug 21)
- Re: IE cookie menagment and CSRF lazy (Aug 21)
- Re: IE cookie menagment and CSRF Saqib . N . Ali (Aug 22)
- Re: IE cookie menagment and CSRF lazy (Aug 21)
- Message not available
- Re: IE cookie menagment and CSRF lazy (Aug 22)
- Re: IE cookie menagment and CSRF Finite (Aug 22)
- Re: IE cookie menagment and CSRF lazy (Aug 22)
- Re: IE cookie menagment and CSRF Saqib . N . Ali (Aug 21)