Alice is logged into a social network site, http://www.GoatFriends.com, which uses
simple HTML links to perform many of the actions on the site. One of the pages on the
site contains the list of friend invites the user has received, which is coded something
like this, each entry being a plain link to addfriend.aspx that carries the invitee's UID
in the query string:

    Approve Dave!
    Approve Sally!
    Approve Bob!

Chapter 3: Cross-Domain Attacks 75
If Alice clicks the "Approve Bob" link, her browser will generate a request to
www.goatfriends.com that looks something like this:
GET http://www.goatfriends.com:80/addfriend.aspx?UID=2189 HTTP/1.1
Host: www.goatfriends.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
Accept: image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Cookie: GoatID=AFj84g34JV789fHFDE879
Referer: http://www.goatfriends.com/
You will notice that this request is authenticated solely by Alice's cookie, which was
issued to her after she logged in with her username and password, and which is persistent
and remains valid to the web application for weeks. Nothing else in the request proves
that Alice intended the action: the browser attaches the GoatID cookie to every request it
sends to www.goatfriends.com, whichever page caused that request to be made.