bruce wrote:
> i just read an article that described how someone could have a url of
> 'http://foo.com/....' and have the URL in an <img> in their website.
> the website could be cat.com. the article implied that if a user would
> select the img, the link to the foo.com would be initiated, thereby
> fooling the user...
>
> i'm lost. i was under the impression that any interaction between the
> user and foo.com was essentially between the user and 'foo.com'. so that
> even though 'cat.com' may have caused the user to hit the link, the
> communication still occurs between the user and 'foo.com', not 'cat.com'

It sounds like you read an article about CSRF, cross-site request
forgeries. This is a bit difficult to explain, and it's a vulnerability
that exists in almost every PHP application I've audited.
CSRF describes any attack that causes a victim to send a request of the
attacker's choosing. In other words, a victim might send a request to
http://books.example.org/ without knowing it and without actually
visiting a web page at http://books.example.org/.
Using an img tag is just one type of attack - it's the most common, but
only because it's the easiest.
I gave a talk recently that was a hands-on demonstration of a handful of
common attacks, and CSRF was one:
http://brainbulb.com/talks/php-security-by-example.pdf
You can get the code for the exercises here:
http://brainbulb.com/phpworks.tar.gz
The second exercise is devoted to CSRF, and your first task is to
exploit the vulnerability. I think exploiting vulnerabilities is a
pretty good way to get a better understanding of them. Unfortunately,
viewing the slides of a talk is much less helpful than the talk itself,
but maybe there's enough there for you to understand the attack.
Hope that helps.
Chris
--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
--
PHP General Mailing List (http://www.php.net/)
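
The situation discussed in this thread, as an added example that is not part of the original messages or of the linked talk and exercises: a hypothetical "buy" handler that acts on any request from a logged-in browser, next to a version that requires POST and a per-session token. The function names, array layout and sample values are assumptions constructed for illustration; requests are simulated with plain arrays so the script runs from the PHP CLI (PHP 7 or later).

```php
<?php
// Added example. All names and data here are hypothetical and constructed.

// Vulnerable: acts on any request that arrives with a valid session. A GET
// fetched by an <img> tag on another site looks the same as a real click.
function buy_vulnerable(array $session, array $request): bool
{
    return !empty($session['user']) && isset($request['params']['isbn']);
}

// Issue one random token per session; the site's own form embeds it in a
// hidden field, so only pages served by the site can supply it.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Hardened: a state change needs POST plus a token matching the session copy.
function buy_hardened(array $session, array $request): bool
{
    if (empty($session['user']) || $request['method'] !== 'POST') {
        return false;
    }
    $sent     = $request['params']['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    // Reject when no token was ever issued; hash_equals is constant-time.
    return is_string($sent) && $expected !== ''
        && hash_equals($expected, $sent)
        && isset($request['params']['isbn']);
}

// Constructed sample session and requests.
$session = ['user' => 'alice'];
$token   = csrf_token($session);

// Triggered by a third-party page: the session applies, the token is unknown.
$forged  = ['method' => 'GET', 'params' => ['isbn' => '0000000000']];
// Sent by the site's own form, which carries the hidden token field.
$genuine = ['method' => 'POST',
            'params' => ['isbn' => '0000000000', 'csrf_token' => $token]];

echo 'vulnerable handler, forged request:  ', var_export(buy_vulnerable($session, $forged), true), "\n";
echo 'hardened handler, forged request:    ', var_export(buy_hardened($session, $forged), true), "\n";
echo 'hardened handler, genuine form post: ', var_export(buy_hardened($session, $genuine), true), "\n";
```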