Security Now 166
Episode 166
Topic: Cross Site Request Forgery
Published: 2008
Contents
Security Now 166: Cross Site Request Forgery
News & Errata
Cross Site Request Forgery
30:00 -
The mechanism for sending data back to servers is an awkward extension of the mechanism for making a request.
There are two types of requests:
- GET: the URL is followed by a ? and any data you want to pass back as parameters
- POST: the data is not tacked onto the end of the URL but is sent as individual lines in the body of the request, after the headers
- When you send data to the server, the server validates your submission using the cookies your browser automatically attaches (your session cookie)
- Imagine going to a malicious website or opening a malicious email
- It contains an image reference, and your browser issues a GET request for the image
- The URL in the image tag need not point to an image at all; it could be a GET request to buy a product from Amazon
- Your browser will automatically send your Amazon cookie, representing your currently logged-on session, along with the request
- Any page you visit can ask your browser to GET or POST to any other site
To Solve:
- Only accept requests that contain information an attacker cannot know
- E.g. when the real web page shows the form, have it contain a hidden random, encrypted string that is returned with the data and that an attacker would not know how to generate
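The hidden-token defence described above, as an added example not taken from the show or its notes: a minimal in-memory server model (the `SESSIONS` store, `login`, `render_buy_form` and `handle_buy` are all assumed names for illustration) that mints a random token when it serves the form and rejects any POST whose token is missing, wrong, or already used, even though the browser still sends the valid session cookie.

```python
import hmac
import secrets

# Server-side session store, session id -> session state.
# Constructed in memory for this example; a real server would persist it.
SESSIONS = {}

def login(user):
    """Create a logged-in session; the returned id is the cookie value."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "purchases": [], "csrf_token": None}
    return sid

def render_buy_form(session_cookie):
    """Serve the real form: mint an unguessable token, remember it in the
    session, and embed it as a hidden field only this page's HTML carries."""
    session = SESSIONS[session_cookie]
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return ('<form method="POST" action="/buy">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            '<input name="item"><button>Buy</button></form>')

def handle_buy(session_cookie, form):
    """Process POST /buy. The cookie arrives with every request the browser
    makes; the token arrives only if the submission came from our own form."""
    session = SESSIONS.get(session_cookie)
    if session is None:
        return 401, "not logged in"
    expected = session["csrf_token"]
    submitted = form.get("csrf_token", "")
    if not expected or not isinstance(submitted, str) or \
            not hmac.compare_digest(expected.encode(), submitted.encode()):
        return 403, "missing or invalid CSRF token"
    session["csrf_token"] = None          # single use: a replayed token fails
    session["purchases"].append(form["item"])
    return 200, f"bought {form['item']}"

def demo():
    """Forged request (cookie, no token) vs. legitimate form submission."""
    sid = login("alice")
    forged = handle_buy(sid, {"item": "widget"})           # attacker's page
    html = render_buy_form(sid)                             # real page served
    token = html.split('value="')[1].split('"')[0]          # browser submits it
    legit = handle_buy(sid, {"item": "widget", "csrf_token": token})
    replay = handle_buy(sid, {"item": "widget", "csrf_token": token})
    return forged[0], legit[0], replay[0], SESSIONS[sid]["purchases"]
```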
Production Information
- Edited by:
- Notes: