Comments on PortSwigger.net - web application security: XSRF and threat ratings
(comment feed, last updated 2008-04-25)

ted (tedvip.blogspot.com), 2008-03-21 01:35:
However, we don't know the table structure in their SQL server...

PortSwigger, 2008-03-21 10:03:
@ted - Well, we may or may not know (or be able to deduce) the table structure in either case. But the point is that, other things being equal, the XSRF vector applies to both vulnerabilities, and so they should be assigned the same threat rating.

kuza55, 2008-03-22 09:30:
If we know enough about the application to try and conduct a CSRF-based SQL injection attack, I'm sure we know the table structure; but if we don't (or we're trying to exploit the application only to see data for a proprietary app or something, since a generic xp_cmdshell or similar approach won't work), we can always leverage the SQL injection to get us some XSS and then use xsstunnel to tunnel

pazi, 2008-04-24 11:55:
Hi all, I want to ask something related to XSRF. Using php-curl or Java we may auto-submit a form to another domain (the XSRF site) when the victim comes to my site. However, I am not sure whether we can set the Referer header on this request; if we can, then Referer checking may be useless...

PortSwigger, 2008-04-24 13:08:
@pazi - Historically, ways have existed of spoofing or masking the Referer header, and it is likely that further ways will be discovered in future. In general, the Referer header is not a reliable foundation on which to build any security defences within web applications.

pazi, 2008-04-25 05:52:
Yes, right, then the Referer check for XSRF may be bypassed with the POST method; actually I will try to simulate it in some cases. By the way, your book was really a masterpiece on web application security; thanks for that.
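Added example (not code from the blog post or from any of the commenters above): the Referer-based XSRF check that pazi and PortSwigger discuss, written out in the forms it is usually deployed in, beside a synchronizer-token check. It illustrates PortSwigger's point that a masked (absent) Referer defeats the common lenient check, while a per-session token does not depend on the header at all. The hostnames bank.example and attacker.example, the session and form dictionaries, and the request headers are all constructed placeholders, not data from the page.

```python
"""Referer-header XSRF checks beside a synchronizer-token check (added example).

All request data here is constructed for illustration; bank.example is the
assumed application origin and attacker.example the assumed hostile site.
"""
import hmac
import secrets
from urllib.parse import urlsplit

APP_ORIGIN = "https://bank.example"  # assumed application origin (placeholder)


def referer_check_lenient(headers: dict) -> bool:
    """The usual deployed pattern: reject only when a Referer is present and
    points at a foreign host. A missing Referer is allowed, because many
    legitimate clients, proxies and privacy settings strip it. Consequently a
    cross-site request whose Referer has been masked passes this check."""
    referer = headers.get("Referer")
    if referer is None:
        return True
    return urlsplit(referer).netloc == urlsplit(APP_ORIGIN).netloc


def referer_check_strict(headers: dict) -> bool:
    """Stricter variant: a missing Referer is rejected. This resists masking
    but also rejects legitimate users whose clients strip the header, which is
    why real deployments tend to fall back to the lenient form above."""
    referer = headers.get("Referer")
    if referer is None:
        return False
    return urlsplit(referer).netloc == urlsplit(APP_ORIGIN).netloc


def referer_check_substring(headers: dict) -> bool:
    """A common implementation mistake: testing whether the application origin
    appears anywhere in the Referer string. Any hostile URL that embeds the
    origin in its path or query string is accepted."""
    referer = headers.get("Referer", "")
    return APP_ORIGIN in referer


def issue_csrf_token(session: dict) -> str:
    """Synchronizer token: an unguessable per-session value stored server-side
    and echoed back in a hidden form field on every state-changing request."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def token_check(session: dict, form: dict) -> bool:
    """Accept the request only if the submitted token matches the session's.
    A hostile page on another origin cannot read the victim's token, so it
    cannot supply it, regardless of what the Referer header says."""
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token")
    if not expected or not supplied:
        return False
    return hmac.compare_digest(expected, supplied)


def simulate_cross_site_post() -> dict:
    """Run each check against three constructed cross-site POSTs: one with an
    honest attacker Referer, one with the Referer masked, and one with the
    application origin embedded in the attacker's URL. The token check sees a
    forged form that, by the same-origin policy, carries no valid token."""
    session = {}
    issue_csrf_token(session)
    forged_form = {"to": "attacker-account", "amount": "1000"}  # no token

    honest_referer = {"Referer": "https://attacker.example/xsrf.html"}
    masked_referer = {}  # Referer stripped or suppressed by the hostile page
    embedded_origin = {"Referer": "https://attacker.example/?https://bank.example/"}

    return {
        "lenient_honest": referer_check_lenient(honest_referer),
        "lenient_masked": referer_check_lenient(masked_referer),
        "strict_masked": referer_check_strict(masked_referer),
        "substring_embedded": referer_check_substring(embedded_origin),
        "token_forged": token_check(session, forged_form),
    }


if __name__ == "__main__":
    for name, accepted in simulate_cross_site_post().items():
        print(f"{name}: {'ACCEPTED' if accepted else 'rejected'}")
```

Only the lenient check with an honest attacker Referer and the strict check reject the forged request; the lenient check accepts the masked request and the substring check accepts the embedded-origin request, whereas the token check rejects the forged form outright. The strict check is the only header-based variant that survives masking, and it does so at the cost of breaking legitimate clients that send no Referer, which is the trade-off that makes the header an unreliable foundation.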