Cross-reference to a site with an external site in different domains

Question

Cross-reference to a site with an external site in different domains

We interling our site with an external site using form messages. The form on our page will be sent to the extenal site on a different domain. Is it possible? I thought it was going to be an injection attack.

+2

security

Ageis 19 oct. '09 at 9:49

source to share

3 answers

There is a type of vulnerability called Cross Site Request Forgeries or XSRF. XSRF has nothing to do with the datatype, but rather that the request is coming from another server. http://www.owasp.org/index.php/XSRF

Here is the XSRF exploit POST request I wrote: http://www.exploit-db.com/exploits/7922/ This javascript is used to automatically disable the form when the page is viewed:

<script>document.getElementById(1).submit();</script>

0

rook Oct 20 At 6:09 am

source to share

You probably want to know more about the policy of the same origin, this is the best post I have found: http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy p>

0

Collin Oct 20 '09 at 6:35

source to share

Shoban · Accepted Answer · 2009-10-19T09:54:56+0000

Yes, it should be possible. Make sure you have enough checks in place so that you are not submitting malicious data (and you are not held responsible), also I hope the other party does server side checks as well.

Cross-reference to a site with an external site in different domains

More articles: