Monday, July 24, 2006

Another way to force-spoof browser referers.

As a WhiteHat employee once said, "If JavaScript can't do it, ask daddy Flash". Amit Klein did a great job discovering and documenting a way to use Flash to force a user's browser to make arbitrary HTTP requests to any location and spoof client-side headers (including Referer and Expect). This has many web application security implications that we'll need to discuss in the coming weeks.

"Forging HTTP request headers with Flash"

Bye Bye CSRF solution.
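Assuming the "CSRF solution" meant here is validating the Referer header, the following added example (not from the original post or from Amit Klein's paper) shows why that check stops being sufficient once the header can be forged, next to a session-bound token check that does not depend on any client-supplied header. The host name, session id, key and request dictionaries are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)  # hypothetical per-deployment secret


def referer_check(headers, expected_host):
    """Weak check: trusts a header that arrives from the client side."""
    host = urlsplit(headers.get("Referer", "")).hostname
    return host == expected_host


def issue_token(session_id):
    """Token bound to the session; embedded only in forms the site serves."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def token_check(session_id, form):
    """Stronger check: needs a value another origin cannot read or compute."""
    supplied = form.get("csrf_token", "").encode()
    return hmac.compare_digest(supplied, issue_token(session_id).encode())


# Constructed sample requests (not captured traffic).
SESSION = "sess-1234"
LEGIT = {"headers": {"Referer": "https://bank.example/transfer"},
         "form": {"csrf_token": issue_token(SESSION), "amount": "10"}}
# Cross-site request whose Referer claims the target site, which the post
# says Flash makes possible; it has no way to include the session's token.
FORGED = {"headers": {"Referer": "https://bank.example/transfer"},
          "form": {"amount": "10"}}


def evaluate(req):
    """Return (referer_check result, token_check result) for one request."""
    return (referer_check(req["headers"], "bank.example"),
            token_check(SESSION, req["form"]))


if __name__ == "__main__":
    print("legit :", evaluate(LEGIT))
    print("forged:", evaluate(FORGED))
```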
