WebApp Sec mailing list archives
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications"
From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 22 Dec 2004 19:15:13 +0100
* Joseph Miller:
Besides this, there are many websites that have a redirect script somewhere on their website. So the attacker could send the link http://www.website.com/redirect?url=/actions/dobadthing which would often satisfy that requirement. Your solution also does not address such problems as an attacker placing malicious urls inside of a web app such as a forum, which would be on the same website that the attacker was attempting to ride on. This also would satisfy your url requirements.
It's possible to write the Referer: filters in a way that only permit allowed state transitions. I've implement this for Mailman (using Apache rewrite rules), and the approach should work a broader class of applications. I agree that it could be challenging in some cases where the same page shows untrusted content and offers some form field (think of a guestbook, but with more sensitive data).
Current thread:
- Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Thomas Schreiber (Dec 16)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Philippe P. (Dec 20)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Shade (Dec 20)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Florian Weimer (Dec 23)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Joseph Miller (Dec 20)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Florian Weimer (Dec 23)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Shade (Dec 20)
- RE: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Yvan G.J. Boily (Dec 20)
- RE: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Mark Burnett (Dec 20)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Jeff Williams (Dec 22)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Augusto Paes de Barros (Dec 23)
- RE: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Mark Burnett (Dec 20)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Florian Weimer (Dec 23)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Philippe P. (Dec 20)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Sverre H. Huseby (Dec 20)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Sverre H. Huseby (Dec 20)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Eran Tromer (Dec 20)