...
- "For example, open redirect vulnerabilities can be used to exploit GET-based requests that are protected with a referer check"
- This refers to sites that take the redirect destination from a query parameter, e.g. http://www.vulnerable.com/redirect.asp?url=http://www.links.com (the parameter name is illustrative).
- See https://www.owasp.org/index.php/Open_redirect
- So an attacker could use something like http://hackersite.io/?http://demoauthor45.magnolia-cms.com/.magnolia/etc as the referring page. A poorly written referer check that only tests whether the expected host name appears somewhere in the raw Referer value (a substring match) would let the request through, because the domain name is present in the query string even though the request actually came from hackersite.io. The check has to parse the Referer and compare scheme, host and port (the origin), not search the string.
- "and some organizations or browser tools remove referrer headers as a form of data protection."
- Such a user or organization would have to give up that privacy protection (send the Referer again) in order to use the site.
- "There are also common implementation mistakes with referer checks. For example if the CSRF attack originates from an HTTPS domain then the referer will be omitted. In this case the lack of a referer should be considered to be an attack when the request is performing a state change."
- True: a request from an HTTPS page to an HTTP page is sent without a Referer header by design (RFC 2616 section 15.1.3; in current browsers this is the default referrer policy, no-referrer-when-downgrade), so an attacker page served over HTTPS can make the victim's browser hit an HTTP endpoint with no Referer at all. A page that sets Referrer-Policy: no-referrer has the same effect even when the target is HTTPS.
- We simply treat every state-changing request that arrives without a Referer header as an attack and reject it.
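The two checks discussed above side by side, as an added example (not code from this page, OWASP or the Magnolia project): a naive substring match on the raw Referer, and an origin comparison that also rejects state-changing requests with no Referer. The allowed origins, the `.magnolia/some-action` path and the attacker referers other than the one quoted above are constructed for the demonstration.

```python
from urllib.parse import urlsplit

# Constructed: origins that legitimate state-changing requests may come from.
# Both schemes are listed because the demo host above is plain http.
ALLOWED_ORIGINS = {
    ("http", "demoauthor45.magnolia-cms.com", 80),
    ("https", "demoauthor45.magnolia-cms.com", 443),
}


def naive_referer_check(referer, expected_host="demoauthor45.magnolia-cms.com"):
    """The 'poorly written' check: does the host name appear anywhere in the header?"""
    return referer is not None and expected_host in referer


def _origin(url):
    """Return (scheme, host, port) of an absolute http(s) URL, or None if unparseable."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    return (parts.scheme, parts.hostname.lower(), port)


def strict_referer_check(referer, state_changing=True, allowed=ALLOWED_ORIGINS):
    """Origin comparison. A missing Referer on a state-changing request is rejected
    (treated as an attack); read-only requests are allowed through without one."""
    if not referer:
        return not state_changing
    origin = _origin(referer)
    return origin is not None and origin in allowed


# Constructed sample Referer values; "query" is the one discussed in the notes above.
SAMPLE_REFERERS = {
    "legit": "https://demoauthor45.magnolia-cms.com/.magnolia/some-action",
    "query": "http://hackersite.io/?http://demoauthor45.magnolia-cms.com/.magnolia/etc",
    "subdomain": "http://demoauthor45.magnolia-cms.com.hackersite.io/",
    "userinfo": "http://demoauthor45.magnolia-cms.com@hackersite.io/",
    "missing": None,  # e.g. an HTTPS attacker page hitting an HTTP endpoint
}


def compare(referers=SAMPLE_REFERERS):
    """Map each sample to (naive result, strict result)."""
    return {name: (naive_referer_check(ref), strict_referer_check(ref))
            for name, ref in referers.items()}


if __name__ == "__main__":
    for name, (naive, strict) in compare().items():
        print(f"{name:10s} naive={naive!s:5s} strict={strict}")
```

Every attacker-controlled sample passes the naive check and fails the strict one; only the request that really originates from the expected origin passes both, and the missing-Referer case is rejected by the strict check for a state change.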
...