[wp-trac] Re: [WordPress Trac] #10294: CSRF through the img tag
WordPress Trac
wp-trac at lists.automattic.com
Wed Jul 1 08:53:35 UTC 2009
#10294: CSRF through the img tag
--------------------------+-------------------------------------------------
Reporter: SaltwaterC | Owner: ryan
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Security | Version: 2.8
Severity: normal | Resolution: invalid
Keywords: |
--------------------------+-------------------------------------------------
Comment(by SaltwaterC):
I do have a solution. It may not be bulletproof, it depends on ext/curl,
but it's quite fast and reliable. Here's a CLI snippet which can be easily
converted to a proper procedure for image checking:
http://pastebin.ca/1480512
This piece of code uses the HEAD HTTP request to take a peek at the
headers of a given URI, thus no need for downloading the whole file. This
makes the whole checking process much faster.
The HTTP status code should be 200 for a valid image. Any other HTTP
status code must be rejected. Don't get fooled by 304.
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
Also the MIME type should be an image MIME type. A spoofed script which
sends an image type header wouldn't request an action within the browser
since the browser expects binary image output.
@hakre: I would if I could configure everyone's browsers, or make them
use proper browsers. Actually the proper solution would be to: a) either
patch into WordPress all the right solutions for the wrong usage of the Web
(at least for the issues that I know of, and I do know a few); or b) code
my own platform, which sounds reasonable from all points of view except for
the time part. Since I constantly discover flaws in various 3rd party
plug-ins, and you can't deny the fact that WordPress was widely adopted
because of the availability of such plug-ins, then maybe this second (b)
solution sounds reasonable - period.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10294#comment:7>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
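Editor's note: the pastebin link in the comment above is no longer reachable, so here is an added example (written for this page, not the reporter's snippet and not WordPress core code) of the check the comment describes: an HTTP HEAD request via ext/curl, accepting only a 200 status and an image/* Content-Type. The function name `is_probable_image_uri`, its parameters and the timeout value are assumptions of this example.

```php
<?php
// Added example, not from the ticket or from WordPress core. Requires ext/curl.
// Implements the check described in comment:7 of #10294: HEAD the URI,
// require exactly HTTP 200, require an image/* Content-Type.

/**
 * Check a remote image URI with an HTTP HEAD request.
 *
 * Returns true only when the server answers exactly 200 and declares an
 * image/* media type. Every other status (304, 301/302, 403, 404, ...) is
 * rejected, and redirects are deliberately not followed, so a 3xx is "not 200".
 *
 * @param string $uri     Absolute http:// or https:// URL (assumed input).
 * @param int    $timeout Connect/transfer timeout in seconds (assumed default).
 */
function is_probable_image_uri(string $uri, int $timeout = 5): bool
{
    // Refuse anything but plain http/https before touching the network.
    $scheme = strtolower((string) parse_url($uri, PHP_URL_SCHEME));
    if ($scheme !== 'http' && $scheme !== 'https') {
        return false;
    }

    $ch = curl_init($uri);
    if ($ch === false) {
        return false;
    }

    curl_setopt_array($ch, [
        CURLOPT_NOBODY         => true,   // send HEAD, never download the body
        CURLOPT_HEADER         => true,   // keep response headers in the output
        CURLOPT_RETURNTRANSFER => true,   // return the output instead of printing it
        CURLOPT_FOLLOWLOCATION => false,  // do not follow 3xx; they fail the 200 check
        CURLOPT_CONNECTTIMEOUT => $timeout,
        CURLOPT_TIMEOUT        => $timeout,
    ]);

    $raw    = curl_exec($ch);
    $status = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
    $ctype  = (string) curl_getinfo($ch, CURLINFO_CONTENT_TYPE);
    curl_close($ch);

    // Transport failure or anything other than 200 is rejected. No conditional
    // headers are sent, so a 304 should not occur, but it is rejected here too.
    if ($raw === false || $status !== 200) {
        return false;
    }

    // Compare only the media type; drop parameters such as "; charset=...".
    $mime = strtolower(trim(explode(';', $ctype, 2)[0]));
    return strncmp($mime, 'image/', 6) === 0;
}

// Usage (performs a real network request):
// var_dump(is_probable_image_uri('https://example.com/logo.png'));
```

Two caveats a practitioner should keep in mind: the check runs once, server-side, at the time the URL is stored, while the browser issues its own GET later, so a server that answers HEAD and GET differently, or that changes its response after the check, is not caught; and because the function fetches arbitrary URLs from the server, it should only be run on URLs that have already been restricted to public hosts if the web server can reach internal addresses.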