Using referer field for authentication or authorization

Revision as of 06:09, 26 May 2009 by Deleted user


This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 05/26/2009



The referrer field (actually spelled 'referer') in HTTP requests can be easily modified and, as such, is not a valid means of message integrity checking.


  • Authorization: Actions, which may not be authorized otherwise, can be carried out as if they were validated by the server referred to.
  • Accountability: Actions may be taken in the name of the server referred to.

Exposure period

  • Design: Authentication methods are generally chosen during the design phase of development.


  • Languages: All
  • Operating platforms: All

Required resources




Likelihood of exploit

Very High

The referrer field in HTTP requests can be trivially modified by malicious users, rendering it useless as a means of checking the validity of the request in question. In order to usefully check whether a given action is authorized, some means of strong authentication and method protection must be used.

Risk Factors



In C/C++:

sock = socket(AF_INET, SOCK_STREAM, 0);
bind(sock, (struct sockaddr *)&server, len);
listen(sock, 5);
while (1) {
  newsock = accept(sock, (struct sockaddr *)&from, &fromlen);
  pid = fork();
  if (pid == 0) {
    n = read(newsock, buffer, BUFSIZE - 1);
    if (n < 0) n = 0;
    buffer[n] = '\0';
    /* Vulnerable: the Referer header is chosen by the client, so matching
       it proves nothing about where the request actually came from. */
    if (strstr(buffer, "Referer: http://trusted.example.com/") != NULL) {
      // do stuff
    }
  }
}

In Java:

import java.io.*;
import java.net.*;
public class httpd extends Thread {
  Socket cli;
  public httpd(Socket serv) { cli = serv; start(); }
  public static void main(String[] a) throws IOException {
    ServerSocket serv = new ServerSocket(8181);
    while (true) new httpd(serv.accept());
  }
  public void run() {
    try {
      BufferedReader reader = new BufferedReader(new InputStreamReader(cli.getInputStream()));
      DataOutputStream o = new DataOutputStream(cli.getOutputStream());
      String line;
      while ((line = reader.readLine()) != null && line.length() > 0) {
        // Vulnerable: the decision rests on the client-supplied Referer header
        // (hostname below is a constructed placeholder)
        if (line.startsWith("Referer: http://trusted.example.com/")) {
          // do stuff
        }
      }
    } catch (IOException e) { }
  }
}

In J2EE:

Any J2EE program that uses


to make a decision is also vulnerable.
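The following added example (not part of the original page) puts the Referer check from the C and Java snippets above beside the kind of check the "Related Controls" entry calls for: authorization derived from a server-issued session token looked up in server-side state. The session table, tokens, hostnames and request buffers are all constructed sample data for this example.

```c
#include <stdio.h>
#include <string.h>

/* Server-side session table (constructed sample data): the server issued these
 * tokens itself after login, so it can trust what they map to. */
struct session { const char *token; const char *user; int is_admin; };
static const struct session SESSIONS[] = {
    { "tok-admin-constructed", "alice", 1 },
    { "tok-user-constructed",  "bob",   0 },
};

/* Copy the value of header `name` from a raw request into `out`, stopping at
 * CR or at `stop`. Returns 0 if the header is absent. */
static int header_value(const char *req, const char *name, char stop, char *out, size_t n) {
    char key[64];
    snprintf(key, sizeof key, "\r\n%s: ", name);
    const char *p = strstr(req, key);
    if (!p) return 0;
    p += strlen(key);
    size_t i = 0;
    while (*p && *p != '\r' && *p != stop && i + 1 < n) out[i++] = *p++;
    out[i] = '\0';
    return 1;
}

/* Vulnerable check, as in the page's C and Java examples: the Referer header
 * is chosen by the client, so any client can send the expected value. */
int referer_authorizes(const char *req) {
    char ref[256];
    return header_value(req, "Referer", '\r', ref, sizeof ref)
        && strcmp(ref, "http://trusted.example.com/admin") == 0;
}

/* Hardened check: read the session cookie (assumed to be the first cookie),
 * look the token up in server-side state, and decide on the recorded role. */
int session_authorizes(const char *req) {
    char cookie[256];
    if (!header_value(req, "Cookie", ';', cookie, sizeof cookie)) return 0;
    if (strncmp(cookie, "session=", 8) != 0) return 0;
    for (size_t i = 0; i < sizeof SESSIONS / sizeof SESSIONS[0]; i++)
        if (strcmp(cookie + 8, SESSIONS[i].token) == 0) return SESSIONS[i].is_admin;
    return 0;
}

/* Constructed requests: a forged Referer with no session, a real admin session,
 * and a non-admin session that also carries the "expected" Referer. */
const char *FORGED_REQ = "GET /admin/delete HTTP/1.1\r\nHost: app.example.com\r\n"
    "Referer: http://trusted.example.com/admin\r\n\r\n";
const char *ADMIN_REQ = "GET /admin/delete HTTP/1.1\r\nHost: app.example.com\r\n"
    "Cookie: session=tok-admin-constructed\r\n\r\n";
const char *USER_REQ = "GET /admin/delete HTTP/1.1\r\nHost: app.example.com\r\n"
    "Cookie: session=tok-user-constructed\r\nReferer: http://trusted.example.com/admin\r\n\r\n";
```

`referer_authorizes` accepts the forged request and the non-admin request, while `session_authorizes` accepts only the request whose token the server itself issued to an admin.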

Related Attacks

Related Vulnerabilities

Related Controls

  • Design: Use other means of authorization that cannot be simply spoofed.

Related Technical Impacts