[WEB SECURITY] Cross domain access using JavaScript document.referrer
Amit Klein
aksecurity at gmail.com
Thu Dec 21 16:45:01 EST 2006
Kanatoko wrote:
> Hi list,
>
> I found a cross domain access technique.
>
> demo:
> http://www.httptunnel.org/crossdomain1.html
>
> In this demo, a simple application located in the another domain (
> "www.jumperz.net" ) receives data from "www.httptunnel.org",
> And converts it to upper case and sends it back.
>
>
To the best of my understanding, you're using the URL to move
information from the caller domain to the callee, and then
document.referrer to move information back from the callee to the
caller. You're right in stating that this is a "cross domain access
technique", but I wouldn't say that this is a cross domain vulnerability.
I'd say that moving data across domains in the URL is a well known
technique, and moving it back via the referrer is also in a sense known
(perhaps in a slightly different context - it is well known that the
referrer may contain sensitive info and as such may leak info to a
hostile domain; in your case the two domains cooperate, hence this is a
desired feature...).
-Amit
----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
More information about the websecurity
mailing list