Information Security
vetsinen, 2018-07-05 11:25:23

Cross domain referer leakage, what options are there to prevent it?

Based on the results of an external audit, a vulnerability of the type "Cross domain referer leakage" was found on the project website. I looked for information on the Internet, but there is only a generalized description of the attack; I did not find any approaches to eliminating it. Can you tell me what can be done on a working site to reduce the risk of this vulnerability?

1 answer(s)
zxscv, 2018-07-05
@zxscv

For example, your site has auto-login when the user comes from an email, with a link like

http://domain.com/[email protected]&secrettoken=vfwervwervwervwervwerv244234

After following it, the user lands on the page, and if it is left like that, he can click an external link on the site and go to another site; the Referer of that request will then be
http://domain.com/[email protected]&secrettoken=vfwervwervwervwervwerv244234

To eliminate the vulnerability, you need to intercept
http://domain.com/[email protected]&secrettoken=vfwervwervwervwervwerv244234
after authorization.
Well, https also eliminates this problem.
