Discount Web Hosting Application Security Consortium Discount Hosting

SRC= http://foo.example/pr/01012003.html>

The  pr  web application in the example above creates the HTML

with a static menu and a dynamically generated FRAME SRC. The

 pr_content  frame pulls its source from the URL parameter value

of  pg  to display the requested press release content. But what if an

attacker altered the normal URL to

http://foo.example/pr?pg=http://attacker.example/sp

oofed_press_release.html? Without properly sanity checking

the  pg  value, the resulting HTML would be:

Code Snippet:

http://attacker.example/spoofed_press_release.html >

To the end user, the  attacker.example  spoofed content appears

authentic and delivered from a legitimate source.

References

 A new spoof: all frames based sites are vulnerable    SecureXpert

Labs

Copyright 2004, Web Application Security Consortium. All rights reserved.





Unlimited Web Hosting





  
    
      
        Home :: RegularHostingPlan :: 
          DatabaseHostingPlan :: 
          JavaHostingPlan :: 
          CompareOurPlans :: AboutUs - 
          Our Network :: 
          Testimonials 
          WhyChooseTotalRoute.net :: 
          MoneyBackQuarantee :: 
          SupportOnline :: FAQ :: 
          ControlPanel :: 
          24/7TechSupport :: 
          ContactUs :: 
          Order 
          TransferYourSite :: 
          Sitemap :: 
            TermsOfService
      Discount Web Hosting 
    
  
  
    
 
  
  
    Our partners:Jsp Web   Hosting 
      Unlimited Web Hosting 
      Cheapest Web   Hosting  Java Web Hosting 
      Web   Templates 
      Best Web Templates 
      Web Design   Templates 
      Interland Web Hosting 
      Cheap Web Hosting  
      Java Web Hosting   
      Tomcat Web Hosting 
      Quality Web   Hosting 
    Best Web Hosting  Mac Web   Hosting
  
  
    TotalRoute.net Business web hosting division of Vision Web Hosting Inc. All rights reserved.