webappsec December 2007 archive

Re: FW: blocking CSRF attacks

From: Amit Klein <aksecurity_at_nospam>
Date: Thu Dec 20 2007 - 11:18:20 GMT
To: "Paul Johnston" <paj@pajhome.org.uk>


On Dec 19, 2007 9:26 PM, Paul Johnston <paj@pajhome.org.uk> wrote: [...]
>
> In a CSRF attack the victim's browser is making the request, so the
> attacker does not get free control of the referer header. Sure, using
> this as a security control is not perfect, but it does have some merit
> as a quick fix.
>

I beg to differ:

"Forging HTTP request headers with Flash" http://www.webappsec.org/lists/websecurity/archive/2006-07/msg00069.html

http://ha.ckers.org/blog/20060725/forging-http-request-headers-with-flash/

"HTTP Header Injection Vulnerabilities in the Flash Player Plugin" http://download2.rapid7.com/r7-0026/

"Exploiting the XmlHttpRequest object in IE - Referrer spoofing, and a lot more..."
http://www.webappsec.org/lists/websecurity/archive/2005-09/msg00019.html

-Amit
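The exchange above turns on whether a Referer check is a sufficient CSRF control. The following server-side check is an added example, not code from the thread or from either author: it puts the Referer-only control next to a check that also requires a per-session synchronizer token, so that a request whose Referer happens to look trusted is still rejected when the token is absent. The server secret, trusted origin, session id and the sample requests are all constructed for the example.

```python
import hashlib
import hmac
from typing import Dict, Tuple
from urllib.parse import urlparse

# Constructed values for this example; a real deployment would load a random
# secret from configuration and derive the trusted origin from its own host.
SERVER_SECRET = b"example-server-secret-not-for-production"
TRUSTED_ORIGINS = {"https://app.example.com"}


def make_csrf_token(session_id: str) -> str:
    """Derive a synchronizer token bound to the session (HMAC over the session id).

    The token is only ever delivered inside the legitimate page, so a request
    assembled from another origin cannot read it to include it in the form.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def _origin_of(url: str) -> str:
    p = urlparse(url)
    return f"{p.scheme}://{p.netloc}"


def referer_only_check(headers: Dict[str, str]) -> bool:
    """The control discussed in the thread: accept the request if Referer looks trusted."""
    referer = headers.get("Referer", "")
    return _origin_of(referer) in TRUSTED_ORIGINS


def csrf_check(headers: Dict[str, str], form: Dict[str, str],
               session_id: str) -> Tuple[bool, str]:
    """Defense in depth: source-origin check plus a mandatory synchronizer token.

    Returns (allowed, reason) so the reason can be logged for detection.
    """
    # 1. Source-origin check, failing closed when neither header is present.
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False, "no Origin or Referer header"
    if _origin_of(source) not in TRUSTED_ORIGINS:
        return False, "untrusted source origin"

    # 2. Token check; constant-time comparison avoids leaking the token byte by byte.
    expected = make_csrf_token(session_id)
    supplied = form.get("csrf_token", "")
    if not hmac.compare_digest(expected, supplied):
        return False, "missing or invalid csrf token"
    return True, "ok"


# Constructed sample requests.
SESSION_ID = "sess-12345"

LEGIT_REQUEST = (
    {"Origin": "https://app.example.com", "Referer": "https://app.example.com/transfer"},
    {"csrf_token": make_csrf_token(SESSION_ID), "amount": "100"},
)

# A cross-site request whose Referer has been made to look trusted, as the
# thread describes, but which carries no token because the sender never saw it.
TRUSTED_LOOKING_REFERER = (
    {"Referer": "https://app.example.com/transfer"},
    {"amount": "100"},
)

# A cross-site request from a browser that sends its real Origin.
FOREIGN_ORIGIN = (
    {"Origin": "https://attacker.example", "Referer": "https://attacker.example/page"},
    {"amount": "100"},
)


if __name__ == "__main__":
    for name, (hdrs, body) in [("legit", LEGIT_REQUEST),
                               ("trusted-looking referer", TRUSTED_LOOKING_REFERER),
                               ("foreign origin", FOREIGN_ORIGIN)]:
        print(f"{name:25s} referer-only={referer_only_check(hdrs)!s:5s} "
              f"token+origin={csrf_check(hdrs, body, SESSION_ID)}")
```

The Referer-only control accepts the second sample request; the combined check rejects it because the token is missing, and it also rejects requests that carry no Origin or Referer at all rather than letting them through by default.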


