WebApp Sec mailing list archives

Re: CSRF attack in Firefox

From: "Ali, Saqib" <docbook.xml () gmail com>
Date: Tue, 18 Mar 2008 10:00:15 -0700

Vishal,

Can you please provide more info about what the servlet does? Same
Origin Policy is usually for client side components (Applets,
Javascripts) and not for server side components.

saqib
http://doctrina.wordpress.com/




On Tue, Mar 18, 2008 at 7:46 AM, Vishal Garg <vishal () firstbase co uk> wrote:

Hi List,

 I have tested the following attack in Firefox and it has worked
 successfully, while I would not have expected this to work because of
 the same origin policy in Firefox. The Firefox version I am using is 2.0.0.12.

 
http://www.victim.com/webapp/wcs/servlet/ImagePopup?storeId=111&imageName=image1.jpg&imageText=%3Cimg%20src=http://www.attacker.com/images/image2.jpg%3E

 Can someone please explain why this attack works in Firefox.

 Thanks in advance...

 cheers
 Vishal


-------------------------------------------------------------------------
Sponsored by: Watchfire 
Methodologies & Tools for Web Application Security Assessment 
With the rapid rise in the number and types of security threats, web application security assessments should be 
considered a crucial phase in the development of any web application. What methodology should be followed? What tools 
can accelerate the assessment process? Download this Whitepaper today! 

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------

Current thread:

CSRF attack in Firefox Vishal Garg (Mar 18)
- Re: CSRF attack in Firefox Jamie Riden (Mar 18)
- Re: CSRF attack in Firefox Ali, Saqib (Mar 18)