WebApp Sec mailing list archives
Re: CSRF attack in Firefox
From: "Jamie Riden" <jamie.riden () gmail com>
Date: Tue, 18 Mar 2008 16:01:15 +0000
On 18/03/2008, Vishal Garg <vishal () firstbase co uk> wrote:
Hi List, I have tested the following attack in Firefox and it has worked successfully, while I would not have expected this to work because of the same origin policy in Firefox. The Firefox version I am using is 2.0.0.12. http://www.victim.com/webapp/wcs/servlet/ImagePopup?storeId=111&imageName=image1.jpg&imageText=%3Cimg%20src=http://www.attacker.com/images/image2.jpg%3E Can someone please explain why this attack works in Firefox.
Same origin doesn't apply to <img> tags - you can load images from anywhere on the net. But, it looks like you are exploiting a XSS to get your image loaded into a page, rather than a CSRF to GET/POST to a victim server. The typical CSRF request would be produce a GET/POST to e.g. http://victim.com/deletemyprofile.php , but triggered by viewing a page on http://attacker.com/ - so you don't really have a CSRF attack here, but does look like XSS. (I think - please feel free to disagree) cheers, Jamie -- Jamie Riden / jamesr () europe com / jamie () honeynet org uk UK Honeynet Project: http://www.ukhoneynet.org/ ------------------------------------------------------------------------- Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F -------------------------------------------------------------------------
Current thread:
- CSRF attack in Firefox Vishal Garg (Mar 18)
- Re: CSRF attack in Firefox Jamie Riden (Mar 18)
- Re: CSRF attack in Firefox Ali, Saqib (Mar 18)