[wp-hackers] Any other way to do it? (or, do we really need Nonces?)

Timo Kissing timo.kissing+wordpress at gmail.com
Sat Mar 3 16:29:02 GMT 2007


On 3/3/07, Elliotte Harold <elharo at metalab.unc.edu> wrote:
> Martin Fitzpatrick wrote:
>
> > Automatic POSTing can be done automagically on any webpage using
> > Javascript.  If you're currently logged into that remote URL your
> > browser (may) submit your cookies for it along with the data. A form
> > to do that can be hidden / in a frame. You could even be presented
> > with a "Submit" button that looks as though it's part of another form.
> > Everyone can be tricked.
> >
>
> I don't believe this. I've found specific claims to the contrary.
>
> I don't disbelieve it either. Often such claims miss things.
>
> However I would like to see a specific proof of concept of a JavaScript
> that submits a POST to a 3rd party site with authentication cookies intact.

Go to http://believe.ranta.info/
Type in some text, submit
Go to http://believe.blogpara.de/
Type in some text, submit
Go back to the first page.
See the text you typed on the second one there too.

Read the sources at http://believe.ranta.info/ and
http://believe.blogpara.de/index.phps

And really, it would be very easy to make the second page send a post
without you doing anything at all (except visiting it with JS
enabled). POST does not protect you from anything except maybe using
your back button.

Greetings.

PS: First time sending to list, I hope Gmail doesn't screw anything
up. If it does, please let me know so I can fix it.
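
Added example, not part of the original message and not WordPress code: a server-side check showing why a per-session token (nonce) stops the cross-site POST described above, since the browser attaches the cookie automatically but a third-party page cannot supply the token. The secret, lifetime, `add_text` action name and `handle_post` handler are assumptions made for illustration, written in Python so the check can be run on its own.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"   # assumption: per-site secret, server-side only
LIFETIME = 12 * 3600                  # assumption: length of one validity window (s)


def _mac(session_id, action, tick):
    # Bind the token to the time window, the action and the session.
    msg = f"{tick}|{action}|{session_id}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def _tick(now):
    return int((time.time() if now is None else now) // LIFETIME)


def make_token(session_id, action, now=None):
    """Token the server embeds in its own form as a hidden field."""
    return _mac(session_id, action, _tick(now))


def verify_token(token, session_id, action, now=None):
    """Accept the current or previous window; compare in constant time."""
    if not isinstance(token, str):
        return False
    tick = _tick(now)
    return any(
        hmac.compare_digest(token.encode(), _mac(session_id, action, t).encode())
        for t in (tick, tick - 1)
    )


def handle_post(cookies, form, sessions, now=None):
    """Hypothetical handler: the cookie authenticates, the token proves the
    request came from a form this site issued to this session."""
    session_id = cookies.get("session")
    if session_id not in sessions:
        return 401, "not logged in"
    if not verify_token(form.get("token"), session_id, "add_text", now):
        return 403, "missing or invalid token"
    sessions[session_id].append(form.get("text", ""))
    return 200, "stored"
```

A POST arriving with a valid session cookie but without the token is rejected with 403, which is the case the two demo pages above exercise against an unprotected form.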

