[WEB SECURITY] Cross domain access using JavaScript document.referrer

Amit Klein aksecurity at gmail.com
Thu Dec 21 16:45:01 EST 2006


Kanatoko wrote:
> Hi list,
>
> I found a cross domain access technique.
>
> demo:
> http://www.httptunnel.org/crossdomain1.html
>
> In this demo, a simple application located in the another domain (
> "www.jumperz.net" ) receives data from "www.httptunnel.org", 
> And converts it to upper case and sends it back.
>
>   
To the best of my understanding, you're using the URL to move 
information from the caller domain to the callee, and then 
document.referrer to move information back from the callee to the 
caller. You're right in stating that this is a "cross domain access 
technique", but I wouldn't say that this is a cross domain vulnerability.
I'd say that moving data across domains in the URL is a well known 
technique, and moving it back via the referrer is also in a sense known 
(perhaps in a slightly different context - it is well known that the 
referrer may contain sensitive info and as such may leak info to a 
hostile domain; in your case the two domains cooperate, hence this is a 
desired feature...).

-Amit


----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



More information about the websecurity mailing list