this was my best kept secret! (o; BUT, i remember testing it on PHPBB back then, i don't think you can take over the session on that! (i may be wrong). YAP, but there are LOTS of sites & applications out there from which you can easily steal away sessions.
On 8/7/05, Ripe Md <[EMAIL PROTECTED]> wrote: > With referers (HTTP_REFERER) it is easy to takeover sessions in some > Web applications Forums (phpBB) and so far. If an user of such an > application doesn't allow the use of cookies, the session informations > are mostly transportet over the URL. If somebody else places a > Hyperlink for example in a Forum which points to a server, which other > person owns, the other person, has just to read the referer log of > this server. The same problem occurs also in Forums, which allow the > including of external pictures for example with the [IMG]-BB-Tag. > > Work-Around: > On the Clientside: > Disable the sending of the Referer in the Browser. > > On the Serverside: > for Links: > - Use An URL Database, and store all Hyperlinks of your users in it. > - Make an Link exit page, which doesn't include any sensitive Information. > For Pictures: > - Just don't allow users to include externl pictures. > Or your Application should just be accessible via the use of Cookies. > > Sincerely > > ~ RIPEMD160 > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- --- Bipin Gautam http://bipin.tk _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
