Hacker News new | past | comments | ask | show | jobs | submit login
Hacking HTTP Status Codes (schneier.com)
8 points by tewks on Feb 2, 2011 | hide | past | favorite | 2 comments



Technical details here: https://grepular.com/Abusing_HTTP_Status_Codes_to_Expose_Pri...

The trick is to identify GET requests that will succeed only if the victim is logged into $SITE_OF_INTEREST, and bury them in an

   <img src="https://SITE_OF_INTEREST/more/stuff/here" 
        onload="is_logged_in()"
        onerror="not_logged_in()"
        ...>
If $SITE_OF_INTEREST doesn't have decent CSRF protection, this is an easy way for a rogue website to not only make a request, but observe the result.


Original lengthy discussion http://news.ycombinator.com/item?id=2139107




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: