Yea yea, we got it.... Now, I'll say one thing to FD: you're all putting one really cool thing I was doing to a halt. Enjoy, ask zx2c4 about it.
On 25 January 2012 21:09, Jerome Athias <jer...@netpeas.com> wrote:
> This could also be used in some cases to refer requests from "paypal" or
> such payment systems when there are no/bad validation checks on an
> e-commerce website.
>
> i.e.:
> if(Referer.Contains("paypal.com"))
> {
>   ok
> }
>
> but what if I control "mypaypal.com"?
>
>
> On 24/01/2012 20:14, Jan Wrobel wrote:
>> Hi,
>>
>> Sorry if this is not new, but I didn't manage to find any mention of
>> such a technique.
>>
>> In short: the HTTP Referer field contains information on where the web user
>> is coming from, which is often a trusted site such as a web search.
>> Having such information, a malicious web site can use several tricks
>> to fool the user into thinking that he or she returned to the
>> referring site. In fact, the user is taken to a generic phishing site
>> that intercepts all data exchanged between the user, the referring
>> site and sites visited from the referring site.
>>
>> A more detailed write-up with a few examples is here:
>> http://mixedbit.org/referer.html
>>
>> Cheers,
>> Jan
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
> --
> Jerome Athias - NETpeas
> VP, Director of Software Engineer
> Palo Alto - Paris - Casablanca
> www.netpeas.com
> ---------------------------------------------
> Stay updated on Security: www.vulnerabilitydatabase.com
>
> "The computer security is an art form. It's the ultimate martial art."
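The substring test quoted in Jerome's reply is the kind of check that "mypaypal.com" slips through. Below is an added example (not code from either poster, and not from any payment provider) contrasting that naive check with one that parses the Referer as a URL and compares its host component on a label boundary. The helper names, the `allowed_host` parameter and the sample Referer values are constructed for illustration. Either way, the header is sent by the client, so a host check only decides whether the value is well-formed for the expected site; it is no substitute for validating the payment itself server-side.

```python
from urllib.parse import urlsplit


def naive_referer_check(referer: str) -> bool:
    """The substring test from the thread: passes if 'paypal.com'
    appears anywhere in the header, including inside another host
    name, a path or a query string."""
    return "paypal.com" in referer


def strict_referer_check(referer: str, allowed_host: str = "paypal.com") -> bool:
    """Accept only an https URL whose host is exactly `allowed_host`
    or a subdomain of it (dot-separated label boundary).

    `allowed_host` is an illustrative parameter, not a real API."""
    try:
        parts = urlsplit(referer)
    except ValueError:
        # Malformed URL (e.g. bad IPv6 bracket): treat as not matching.
        return False
    if parts.scheme != "https":
        return False
    # .hostname drops userinfo and port and lowercases the host, so
    # "https://user@paypal.com@evil.example/" yields "evil.example".
    host = parts.hostname
    if not host:
        return False
    allowed = allowed_host.lower()
    return host == allowed or host.endswith("." + allowed)


def compare_checks(referers):
    """Run both checks over a list of Referer values and return
    {referer: (naive_result, strict_result)} so the difference is visible."""
    return {r: (naive_referer_check(r), strict_referer_check(r)) for r in referers}


# Constructed sample Referer values for the comparison.
SAMPLE_REFERERS = [
    "https://www.paypal.com/cgi-bin/webscr",      # legitimate subdomain
    "https://paypal.com/",                         # legitimate apex
    "https://mypaypal.com/ipn",                    # the case raised in the thread
    "https://paypal.com.evil.example/",            # expected host as a prefix label
    "https://evil.example/?next=paypal.com",       # expected host only in the query
    "https://user@paypal.com@evil.example/",       # expected host in the userinfo
    "http://www.paypal.com/",                      # right host, wrong scheme
    "",                                            # header absent
]

if __name__ == "__main__":
    for ref, (naive, strict) in compare_checks(SAMPLE_REFERERS).items():
        print(f"{ref!r:50} naive={naive!s:5} strict={strict}")
```

Running the block prints one line per sample; the naive column is True for every value that merely contains the string, while the strict column is True only for the two genuine hosts.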