Cross-reference to a site with an external site in different domains
We interling our site with an external site using form messages. The form on our page will be sent to the extenal site on a different domain. Is it possible? I thought it was going to be an injection attack.
Yes, it should be possible. Make sure you have enough checks in place so that you are not submitting malicious data (and you are not held responsible), also I hope the other party does server side checks as well.
There is a type of vulnerability called Cross Site Request Forgeries or XSRF. XSRF has nothing to do with the datatype, but rather that the request is coming from another server. http://www.owasp.org/index.php/XSRF
Here is the XSRF exploit POST request I wrote: http://www.exploit-db.com/exploits/7922/ This javascript is used to automatically disable the form when the page is viewed:
<script>document.getElementById(1).submit();</script>
You probably want to know more about the policy of the same origin, this is the best post I have found: http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy p>