On Oct 6, 2006, at 1:04 PM, [EMAIL PROTECTED] wrote:
> 1) Joe Bloggs logs into my website and has an active session.
> 2) Clicks on a link (either from an email or from content posted
> on my site) to http://www.malicious-site.com/index.html
> 3) That index page contains an <img src="/logo.gif" /> tag
> 3) Instead of serving the image, the server at www.malicious-site.com
> issues a 302 HTTP Status code which redirects Joe Bloggs to
> http://my.website.com/change_password?new_password=abcde

can't a lot of this be locked down with http referrers?
i know they can be spoofed - but that's a manual action. i've yet to
hear of a browser that can spoof headers via javascript. you'd have
to compromise the browser, not insert malicious JS or images into a
page.
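
The Referer check suggested in the reply, run against the quoted scenario, as an added example that is not part of the original messages. The function names are hypothetical, the site origin is taken from the quoted URL, and the sample requests are constructed on the assumption that the browser sends the embedding page's URL as Referer on the redirected image request.

```python
from urllib.parse import urlsplit

# Assumption: the site's origin, taken from the URL in the quoted scenario.
SITE_ORIGIN = ("http", "my.website.com", 80)
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url):
    """Return (scheme, host, port) of an absolute URL, or None if unusable."""
    try:
        parts = urlsplit(url)
        port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    except ValueError:  # malformed port or host
        return None
    if not parts.hostname or port is None:
        return None
    return (parts.scheme, parts.hostname, port)


def referer_is_same_site(headers):
    """Exact origin comparison; a missing Referer fails closed."""
    referer = headers.get("Referer")
    return bool(referer) and origin_of(referer) == SITE_ORIGIN


def allow_state_change(method, headers):
    """Gate for handlers such as change_password (hypothetical helper)."""
    if method.upper() != "POST":
        return False  # an <img> fetch, redirected or not, is always a GET
    return referer_is_same_site(headers)


# Constructed requests, not captured traffic.
SAMPLES = [
    ("redirected img", "GET", {"Referer": "http://www.malicious-site.com/index.html"}),
    ("own form", "POST", {"Referer": "http://my.website.com/account"}),
    ("lookalike host", "POST", {"Referer": "http://my.website.com.malicious-site.com/"}),
    ("no referer", "POST", {}),
    ("img in own content", "GET", {"Referer": "http://my.website.com/forum/post/1"}),
]

if __name__ == "__main__":
    for name, method, headers in SAMPLES:
        print(f"{name:20} referer_ok={referer_is_same_site(headers)!s:5} "
              f"allowed={allow_state_change(method, headers)}")
```

The last sample is the case the Referer check alone does not cover: an image embedded in content posted on the site itself carries a same-site Referer, so the password change also has to refuse GET.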