Webserver A presents the use with a form with post or get url located on a website it does not host.
The user fills in the form and submits it. Webserver B get's a request out of the blue for a URL that a Site B provided by Webserver B uses as a post or get url.
However the form given by Site B is different than the one given to the user by Webserver A. The code for Site B running on Webserver B checks the user's credentials. If not done correctly the form submission may pass allowing any content to be submitted by OPs on any other Webserver on the Internet, plus "file://" too.
The Nasty bit is that the Form from Webserver A can look like your typical user registration page, username and double password entries... Plus some hidden inputs the OP of Webserver A would like users to post to Webserver B, like a advertisement meant to be tweeted. If the user enters the same User/Password as they do for Twitter, then the OPs message will be tweeted... Accepting this Twitter is not so easily fooled.
Target Vector:
Site Cookies for auth. Cookies are passed to Site B, regardless of referral, at least they used to be.
Prevention:
Form generation includes a hidden input who's value the attacking OP would not know. Absence of this variable in any form submission can be denied.
This technique is so standard that there is a proper name given to a hidden input used in this manner and if memory serves even a TLA. Though I can't be expected to know everything.
In reply to Re^9: Perl Sessions and Cookies - Cookie don't get passed
by cheako
in thread Perl Sessions and Cookies - Cookie don't get passed
by Yaerox
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |