What if Sally is a truly lonely person and would like to gather as many friends as
possible? Knowing that GoatFriends uses a long-lived cookie for authentication, Sally
could add an image tag to her rather popular blog, pitifulexistence.blogspot.com, such
as this:

<img src="http://www.goatfriends.com/addfriend.aspx?UID=4258" height=1 width=1>
Every visitor to Sally's blog would then have his or her browser automatically make
this image request, and if that browser's cookie cache includes a cookie for that domain,
it would automatically be added. As for Alice, her browser would send this request:
GET http://www.goatfriends.com:80/addfriend.aspx?UID=4258 HTTP/1.1
Host: www.goatfriends.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
Accept: image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Cookie: GoatID=AFj84g34JV789fHFDE879
Referer: http://pitifulexistence.blogspot.com/
As you can see, these two requests are nearly identical, and as a result, every visitor
to Sally's blog who has logged into GoatFriends within the last several weeks will
automatically add Sally as their friend.
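
Seen from the server side, Alice's request carries three signals that a defender can check before honoring it. The following is an added example, not code from the book or from any real site: the `csrf_token` field name, the `SERVER_KEY` secret, the `STATE_CHANGING` set and the HMAC token scheme are assumptions made for illustration, and the sample request is constructed from the one shown above.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit

# Constructed from the request shown above (header subset), not a live capture.
ALICE_REQUEST = (
    "GET http://www.goatfriends.com:80/addfriend.aspx?UID=4258 HTTP/1.1\r\n"
    "Host: www.goatfriends.com\r\n"
    "Cookie: GoatID=AFj84g34JV789fHFDE879\r\n"
    "Referer: http://pitifulexistence.blogspot.com/\r\n\r\n"
)
SERVER_KEY = b"constructed-demo-key"   # assumption: per-deployment secret
STATE_CHANGING = {"/addfriend.aspx"}   # assumption: endpoints that modify data

def expected_token(session_id):
    """Anti-CSRF token bound to the session cookie value (HMAC-SHA256)."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, URL parts, headers, body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _ = lines[0].split(" ", 2)
    pairs = (line.split(":", 1) for line in lines[1:])
    headers = {k.strip().lower(): v.strip() for k, v in pairs}
    return method, urlsplit(target), headers, body

def csrf_findings(raw):
    """Return the reasons a state-changing request should be refused."""
    method, url, headers, body = parse_request(raw)
    findings = []
    if url.path.lower() not in STATE_CHANGING:
        return findings
    # 1. Image tags can only issue GET, so state changes must require POST.
    if method != "POST":
        findings.append("state change via " + method)
    # 2. The Referer host should match the site itself.
    referer_host = urlsplit(headers.get("referer", "")).hostname
    if referer_host != headers.get("host", "").split(":")[0]:
        findings.append("cross-site or missing Referer")
    # 3. The cookie is sent automatically; a per-session token is not.
    cookies = dict(c.strip().split("=", 1)
                   for c in headers.get("cookie", "").split(";") if "=" in c)
    token = parse_qs(body).get("csrf_token", [""])[0]
    if not hmac.compare_digest(token, expected_token(cookies.get("GoatID", ""))):
        findings.append("missing or invalid anti-CSRF token")
    return findings
```

Of the three checks, only the token is a reliable control on its own: the method and Referer checks are useful as detection signals and defense in depth.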