[wp-hackers] Rethinking check_admin_referer()
Rob
r at robm.me.uk
Mon Apr 17 17:19:29 GMT 2006
John Joseph Bachir wrote:
> I have had neither coffee nor lunch yet today so maybe I am forgetting
> something obvious, but: isn't the biggest problem with with security
> through referer checks that referers can be trivially spoofed from the
> client side? Or to put it another way, the http client has the option
> of supplying an arbitrary referer string?
>
> John
> ----
> aim/yim/msn/jabber.org: johnjosephbachir
> 713.494.2704
> irc://irc.freenode.net/lyceum
> http://lyceum.ibiblio.org/
> http://blog.johnjosephbachir.org/
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
Not really, since the attack vector here requires an attacker to have a
logged-in user make the request, thus removing any possibility of them
manipulating the HTTP headers, and therefore spoofing the referrer,
since all the requests will be done from the client's end.
--
Rob Miller
http://robm.me.uk/ | http://kantian.co.uk/
More information about the wp-hackers
mailing list