Collaborate Disseminate
Note: This question is not the same as the linked possible duplicate. That question asks how checking the origin/referer header protects against CSRF. This questions is asking how to implement the specific details.
I see a l… Continue reading CSRF Origin and Referer Header just check host?
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referer
A Referer header is not sent by browsers if the referring resource is
a local “file” or “data” URI.
Is this true for all major, modern browsers (Safari… Continue reading Opening a saved web page: Is referer file:// sent?
Google search result of my wordpress site is different than original content. We have taken services of security expert and they have scanned the site and database but there is no modification in code and database. Neither th… Continue reading Fake referer is affecting my google search results
I was troubleshooting what I thought may be a connectivity issue, and I noticed the site I am trying to connect to acts as a referrer to facebook. Given that I do not go to facebook often, I wondered why it would do this. And… Continue reading Facebook referer when visiting a non-facebook website
We are getting a huge amount of requests that I can not explain. These request all go to admin.OURWEBSITE.com/api/analyze/, but we do not have an admin subdomain and we do not have an api/analyze route. Our server then return… Continue reading Are these HTTP_REFERER from a bot-net? Are they harmful? How should I handle them?
I’m looking through the CSRF vulnerabilities of the DVWA. I run into the medium level which uses this piece of code to validate if the referer header equals the server name:
if( eregi( $_SERVER[ 'SERVER_NAME' ], $_SERVER[ 'HTTP_REFERER' ] ) ).
If so, my query will be accepted and triggered on a database changing login info. I’m doing this through a malicious webpage.
So far I was able to see what the Referer name is on a response header from the server. From my understanding,that php function is asking the following:
Is the value of $_SERVER[‘SERVER_NAME’] present in $_SERVER[‘HTTP_REFERER’]?
So, my first thought was, trying to manipulate the request URL string and embed the referer header on it. (no results) I’m assuming that the if statement is just looking for a pattern. The thing is that I don’t know how to pass it and quiet honestly I don’t understand if my GET request is present in $_SERVER[ 'SERVER_NAME' ] or in $_SERVER[ 'HTTP_REFERER' ]. From my investigation I think the referer header cannot be changed in a simple html img tag. So my last question would be: Am I able to forge the string of img tag (HTTP request GET) in a way that the statement evaluates to true? If not, how can I do that in a scenario where a victim always uses this malicious webpage unconsciously?
Continue reading How to forge Referer Header in GET method triggered on HTML
Is it a problem when URLs in a web application redirect to the URL specified in the Referer header?
It’s not an open redirect like any of the /whatever?url=evil.com examples I’ve seen, that can be exploited by having users c… Continue reading Is it unsafe to redirect to the referer URL?
I have typically implemented password reset functionality by sending a link that included something like this:
http://example.com/pwreset?id=userId&resetToken=superSecretResetToken
On my pwreset page I will typically request a few re… Continue reading How to implement password reset functionality without becoming susceptible to cross-domain referer leakage?
Imagine a generic web application with a login form to access the application. Regardless of how the actual authentication is performed, what are the implications of not checking the referer header to verify the submit reques… Continue reading What are the risk implications of not verifying referer header on login form?