[WEB SECURITY] A technique for bypassing request header restriction of XMLHttpRequest
Robert A.
robert at webappsec.org
Thu Jan 5 18:36:25 EST 2012
>> I've found a vulnerability in the Japanese mobile phone by using this
>> technique. But that vulnerability is caused by an unusual custom of the
>> Japanese mobile world.
What were you able to do?
>>
>> So I want to know more universal threats by using this technique. Do you
>> have some ideas?
A couple of things come to mind (assuming this works on single-word headers, which I've been unable to get working):
1. Modifying headers such as 'Host' to access other virtual hosts on the same IP, or breaking weak CSRF protections by modifying the 'Referer' header (http://www.securityfocus.com/archive/1/441014)
2. Potential shared virtual hosting browser cache poisoning?
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2008-June/003951.html)
3. Abusing transparent proxies via Host header modification
(http://www.thesecuritypractice.com/the_security_practice/2010/03/abusing-transparent-proxies-with-flash-presentation-available-paper-update.html)
Regards,
- Robert A.
http://www.webappsec.org/
http://www.cgisecurity.com/
http://www.qasec.com/
>>
>> Thanks,
>>
>> --
>> Kousuke Ebihara <kousuke at co3k.org>
>> http://co3k.org/