Difference between revisions of "Using referer field for authentication or authorization"

(Reverting to last version not containing links to s1.shard.jp)

Revision as of 10:00, 27 May 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 05/27/2009



The referrer field (actually spelled 'referer') in HTTP requests can be easily modified and, as such, is not a valid means of message integrity checking.


  • Authorization: Actions, which may not be authorized otherwise, can be carried out as if they were validated by the server referred to.
  • Accountability: Actions may be taken in the name of the server referred to.

Exposure period

  • Design: Authentication methods are generally chosen during the design phase of development.


  • Languages: All
  • Operating platforms: All

Required resources




Likelihood of exploit

Very High

The referrer field in HTTP requests can be trivially modified by malicious users, rendering it useless as a means of checking the validity of the request in question. To usefully check whether a given action is authorized, some means of strong authentication and method protection must be used.

Risk Factors



In C/C++:

sock = socket(AF_INET, SOCK_STREAM, 0);
bind(sock, (struct sockaddr *)&server, len);
listen(sock, 5);
while (1) {
    newsock = accept(sock, (struct sockaddr *)&from, &fromlen);
    if (fork() == 0) {
        n = read(newsock, buffer, BUFSIZE - 1);
        buffer[n] = '\0';
        /* Vulnerable: the Referer header is chosen by the client and proves nothing */
        if (strstr(buffer, "Referer: http://www.foo.org/dsaf.html") != NULL) {
            /* do stuff */
        }
    }
}

In Java:

import java.io.*;
import java.net.*;
public class httpd extends Thread {
  Socket cli;
  public httpd(Socket serv) { cli = serv; }
  public static void main(String[] a) throws IOException {
    ServerSocket serv = new ServerSocket(8181);
    while (true) new httpd(serv.accept()).start();
  }
  public void run() {
    try {
      BufferedReader reader =
        new BufferedReader(new InputStreamReader(cli.getInputStream()));
      boolean trusted = false;
      for (String line = reader.readLine(); line != null && !line.isEmpty(); line = reader.readLine())
        // Vulnerable: the Referer header is client-controlled, so matching it proves nothing.
        if (line.equals("Referer: http://www.foo.org/dsaf.html")) trusted = true;
      DataOutputStream o = new DataOutputStream(cli.getOutputStream());
      if (trusted) { /* do privileged stuff */ }
    } catch (IOException e) { }
  }
}

In J2EE:

Any J2EE program that uses


to make a decision is also vulnerable.

Related Attacks

Related Vulnerabilities

Related Controls

  • Design: Use other means of authorization that cannot be simply spoofed.
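The following added example (not part of the original page) illustrates both the discussion above and this control: the Referer check is satisfied by a constructed request with a freely chosen header, while a server-issued, HMAC-bound session token (an assumed design, with a constructed secret) rejects the same request and any tampered token.

```python
import hmac
import hashlib
import secrets
from typing import Optional

# Constructed secret for the example; a real server loads it from configuration.
SERVER_SECRET = b"constructed-demo-secret"
TRUSTED_REFERER = "http://www.foo.org/dsaf.html"

def parse_headers(raw: bytes) -> dict:
    """Split a raw HTTP/1.x request into a lower-cased header dictionary."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def authorized_by_referer(raw: bytes) -> bool:
    """Vulnerable check: trusts a header the client chooses freely."""
    return parse_headers(raw).get("referer") == TRUSTED_REFERER

def issue_session(user: str) -> str:
    """Hardened alternative: a server-issued token bound to the user by an HMAC."""
    nonce = secrets.token_hex(8)
    mac = hmac.new(SERVER_SECRET, f"{user}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{user}:{nonce}:{mac}"

def authorized_by_session(raw: bytes) -> Optional[str]:
    """Return the authenticated user if the session cookie verifies, else None."""
    cookie = parse_headers(raw).get("cookie", "")
    parts = dict(p.strip().split("=", 1) for p in cookie.split(";") if "=" in p)
    token = parts.get("session")
    if not token or token.count(":") != 2:
        return None
    user, nonce, mac = token.split(":")
    expected = hmac.new(SERVER_SECRET, f"{user}:{nonce}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; a forged or tampered MAC never verifies.
    return user if hmac.compare_digest(mac, expected) else None

def forged_request() -> bytes:
    # Constructed request: any client can send whatever Referer it likes.
    return (b"GET /admin HTTP/1.1\r\nHost: www.foo.org\r\n"
            b"Referer: http://www.foo.org/dsaf.html\r\n\r\n")

def session_request(token: str) -> bytes:
    # Constructed request carrying a session cookie instead of a Referer.
    return (b"GET /admin HTTP/1.1\r\nHost: www.foo.org\r\n"
            b"Cookie: session=" + token.encode() + b"\r\n\r\n")
```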

Related Technical Impacts