Although
stylistic advances in web design have made contemporary HTML forms look significantly
different from the rectangular text field and gray submit button of the late 1990s,
the format of the request as seen on the network looks the same. For example, a simple
login form that looks like this
will result in an HTTP request that looks like this, upon the user clicking the submit
button:
POST https://www.goatfriends.com/login.aspx HTTP/1.1
Host: www.goatfriends.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: GoatID=AFj84g34JV789fHFDE879
Content-Type: application/x-www-form-urlencoded
Content-length: 32

loginname=Bob&password=MyCatName
This request is easily forged by any site on which an attacker controls the HTML and
JavaScript, since basically no restrictions exist on the ability of one web page to submit a
form to a completely different domain.
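Because the forged request carries the same cookie and body as the genuine one, the server needs something extra to tell them apart. The following is an added example, not code from the book: it accepts a POST only when the form carries a token derived from the session cookie and, if the browser sent an Origin header, that header names the site itself. The csrf_token field name, SERVER_KEY, and the helper functions are assumptions made for illustration; the sample requests are constructed from the one shown above.

```python
import hashlib
import hmac
from urllib.parse import parse_qs

SERVER_KEY = b"constructed-demo-key"            # assumption: secret known only to the server
TRUSTED_ORIGIN = "https://www.goatfriends.com"  # the site's own origin

def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, headers and form fields."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method = lines[0].split(" ", 2)[0]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, headers, parse_qs(body)

def session_token(cookie):
    """Hypothetical anti-forgery token: HMAC of the session cookie under SERVER_KEY."""
    return hmac.new(SERVER_KEY, cookie.encode(), hashlib.sha256).hexdigest()

def accept_post(raw):
    """Accept a POST only if it proves it came from a page the site served."""
    method, headers, form = parse_request(raw)
    cookie = headers.get("cookie", "")
    if method != "POST" or not cookie:
        return False
    # If the browser sent Origin, it must be ours (page script cannot set it).
    if headers.get("origin", TRUSTED_ORIGIN) != TRUSTED_ORIGIN:
        return False
    # The cookie rides along automatically; the token does not.
    supplied = form.get("csrf_token", [""])[0]
    return hmac.compare_digest(supplied.encode(), session_token(cookie).encode())

def build(body, extra=()):
    """Constructed sample request, modelled on the login POST shown above."""
    head = ["POST /login.aspx HTTP/1.1", "Host: www.goatfriends.com",
            "Cookie: GoatID=AFj84g34JV789fHFDE879",
            "Content-Type: application/x-www-form-urlencoded",
            f"Content-Length: {len(body)}", *extra]
    return "\r\n".join(head) + "\r\n\r\n" + body

if __name__ == "__main__":
    body = "loginname=Bob&password=MyCatName"
    token = session_token("GoatID=AFj84g34JV789fHFDE879")
    print(accept_post(build(body)))
    print(accept_post(build(body + "&csrf_token=" + token)))
```

The request exactly as printed in the text is rejected, since a valid cookie alone says nothing about which page submitted the form.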