|
|
|
|
| |
| Several sites use a "security check" on the HTTP_REFERER server variable. The security check is usually used to verify that information submitted from a form came from a proper or designated URL. This is usually done to prevent someone from creating a local, malicious form to submit to a script. However, this check can be bypassed by using DHTML. |
| |
Credit:
This vulnerability has been discovered by: Titus, Tobin (Greenville).
|
| |
|
A malicious program can be created to navigate to the origin page (the page from wish data is permitted to originate), alter the contents of a single link, hidden input value, or even the entire form itself and submit the information. The HTTP_REFERER would remain unchanged, causing the server to think that the form was posted from its own web site. This would leave the same availability open as creating a local form and submitting it to the destination.
|
|
|
|
|
|
|
|
|
|
