Friday, December 17, 2010

SDRF Vulnerability in Web-Applications and Browsers

This report describes a vulnerability type called SDRF. Several examples demonstrate the risk posed by this class of vulnerability. The report also examines the causes of its existence and methods of protection against SDRF.
SDRF stands for Same Domain Request Forgery. Like the well-known CSRF (Cross-Site Request Forgery) vulnerability, SDRF forges users' HTTP requests, but in contrast to CSRF, it forges requests that a user sends to the same domain where the malicious code exploiting the vulnerability is located.

Download: PDF

Video Demo: Google Mail under Opera XSS attack PoC (Opera v10.63 and 11)

