Re: Help with referer issues in XSS

[Benedetto Nespoli <benedetto.nespoli () gmail com>]

Or maybe you can use Tamper Data for FF.



Il giorno 07/mar/2012, alle ore 05:35, Yuping Li <lyp20062392 () gmail com> ha scritto:

> Hi,
>
> Thanks for all your response. The premise of my situation is that
> there is a XSS bug in the site, and I want to utilize this vul to do
> something more, for example, forge some post requests in my js code,
> you may recall the glorious "Samy" story here. But the server is now
> checking the referer field of any request, and the expected referer
> should be like this: http://(www.)example.com(/xxx).
>
> And can't be:
> 1, no referer
> 2, (example.com.***).attack.com/...
>
> Until last second, I came to realize that the host part in the
> referer field can only be http://(www.)example.com, and the request
> will fail if the referer contain some sort of "xss attempt", but I can
> only launch the post requests in the xssed page which means the xss
> attempt will inevitable be contained in the referer field of a normal
> request. Of course I can set it with firefox addons, but there is no
> point here.
>
> Seems if there is no programming way to set my own referer of my post
> request and their xss detecting techniques of referer are good enough,
> I may have no hope.
>
> Yuping
>
>
>
> This list is sponsored by Cenzic
> --------------------------------------
> Let Us Hack You. Before Hackers Do!
> It's Finally Here - The Cenzic Website HealthCheck. FREE.
> Request Yours Now! 
> http://www.cenzic.com/2009HClaunch_Securityfocus
> --------------------------------------



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------