GET requests
When creating a variety of engines for sites, developers often miss such a non-essential point, it seems to be a small, but still a bug.
For example, Yandex, this link
passport.yandex.ru/passport?mode=logout&retpath=http%3A%2F%2Fwww.yandex.ru%2F
Causes the user to leave the mail. It is unlikely that someone will click on it, but what if it is not a link, but for example a picture with such an address. The browser will make a request, it will not find the pictures, but will throw the user out of the mail.
Such examples are the great variety of mail.ru, VKontakte.ru, classmates.ru, various systems: forums, portal systems, online stores.
On many sites there is a check on the referer of the user, but if he does not betray, then usually the system does not react and does the necessary actions.
User logout is one of examples, if this is an online store and a purchase of goods passes through a GET request or is processed through $ _REQUEST ...
In fact, an attacker can take advantage of this, for example, using a forum and force the user to do something on a third-party site.
')
The last time I am very interested in this problem, and how to solve it.
For example, Yandex, this link
passport.yandex.ru/passport?mode=logout&retpath=http%3A%2F%2Fwww.yandex.ru%2F
Causes the user to leave the mail. It is unlikely that someone will click on it, but what if it is not a link, but for example a picture with such an address. The browser will make a request, it will not find the pictures, but will throw the user out of the mail.
Such examples are the great variety of mail.ru, VKontakte.ru, classmates.ru, various systems: forums, portal systems, online stores.
On many sites there is a check on the referer of the user, but if he does not betray, then usually the system does not react and does the necessary actions.
User logout is one of examples, if this is an online store and a purchase of goods passes through a GET request or is processed through $ _REQUEST ...
In fact, an attacker can take advantage of this, for example, using a forum and force the user to do something on a third-party site.
')
The last time I am very interested in this problem, and how to solve it.
Source: https://habr.com/ru/post/55145/
All Articles