If you are using cookies for authentication, anyone can embed URLs from your domain in an unrelated webpage; the browser sends your cookies along with those requests, so they trigger side effects on your site.
For example, if you have a GET URL at http://domain.com/logout and someone places <img src="http://domain.com/logout"/> in their webpage, any of your users who visit that page will be logged out immediately.
Similarly, POST URLs can be triggered by embedding them as the action of a <form> element.
But if you are not using cookies, for example if you are using a JWT stored in localStorage, you are safe from this attack.
Best solution: Don't use cookies for authentication
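As an added example (not code from the original post), the following toy model shows why the /logout endpoint above can be triggered from a third-party page when the user is identified by a cookie, and why it cannot when the user is identified by a header that only the site's own script sends. The names used here (sessions, requestFromThirdPartyPage, logoutHandler and so on) and the sample session and token values are assumptions made for this demo.

```javascript
// Added example, not code from the original post. Names and sample values
// are assumptions for this demo.

// Constructed sample data: session cookie -> user, bearer token -> user.
const sessions = new Map([["sess-abc123", "alice"]]);
const tokens = new Map([["tok-xyz789", "alice"]]);

// The browser attaches the site's cookies to any request it makes to that
// domain, no matter which page caused it (an <img src> or a <form> on a
// random site included). It never attaches localStorage contents or custom
// headers on that page's behalf.
function requestFromThirdPartyPage(path, cookiesStoredForDomain) {
  return { path, cookies: { ...cookiesStoredForDomain }, headers: {} };
}

// A request made by the site's own JavaScript: it reads the token from
// localStorage (modelled here as a plain argument) and sets a header.
function requestFromOwnScript(path, token) {
  return { path, cookies: {}, headers: { authorization: "Bearer " + token } };
}

// Authentication scheme 1: identify the user from the session cookie.
function userFromCookie(req) {
  return sessions.get(req.cookies.session) || null;
}

// Authentication scheme 2: identify the user from the Authorization header;
// cookies are ignored entirely.
function userFromHeader(req) {
  const m = /^Bearer (\S+)$/.exec(req.headers.authorization || "");
  return m ? tokens.get(m[1]) || null : null;
}

// The /logout endpoint from the post, parameterised by the auth scheme.
// Reports who was logged out, or 401 if the request was not authenticated.
function logoutHandler(authenticate) {
  return function (req) {
    const user = authenticate(req);
    if (!user) return { status: 401, loggedOut: null };
    return { status: 200, loggedOut: user };
  };
}

// Run the scenario from the post under both schemes.
function demo() {
  // Cookie the site set when alice logged in (constructed).
  const cookieJar = { session: "sess-abc123" };
  const forged = requestFromThirdPartyPage("/logout", cookieJar);

  // Cookie scheme: the forged request carries alice's cookie, so she is logged out.
  const cookieResult = logoutHandler(userFromCookie)(forged);

  // Header scheme: the forged request has no Authorization header, so it is rejected.
  const headerForgedResult = logoutHandler(userFromHeader)(forged);

  // Header scheme, genuine request from the site's own script: still works.
  const genuine = requestFromOwnScript("/logout", "tok-xyz789");
  const headerGenuineResult = logoutHandler(userFromHeader)(genuine);

  return { cookieResult, headerForgedResult, headerGenuineResult };
}

console.log(demo());
```

The model only captures what the browser attaches automatically to a request. The flip side is that a token kept in localStorage is readable by any script running on your page, which is exactly the situation the XSS section describes.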
XSS
-----
A bad guy posts a message on a forum. The message contains a script tag. Whenever anyone visits the forum, that JavaScript runs in their browser and steals their cookie.
Solution: Escape any HTML in user-submitted content before you publish it on your website.
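As an added example (not code from the original post), here is the forum case above rendered both without and with escaping. The function names escapeHtml, renderMessageUnsafe and renderMessageSafe are chosen for this demo, and the sample message is constructed.

```javascript
// Added example, not code from the original post. Function names and the
// sample message are constructed for this demo.

// Replace the five characters that have meaning in HTML with entities, so
// that whatever the user typed is displayed as text rather than parsed as markup.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the message is interpolated into the page verbatim, so a
// <script> tag in it becomes a real script tag in every visitor's browser.
function renderMessageUnsafe(msg) {
  return '<div class="post">' + msg + "</div>";
}

// Fixed: the message is escaped first, so the browser shows the tag as text.
function renderMessageSafe(msg) {
  return '<div class="post">' + escapeHtml(msg) + "</div>";
}

// Constructed sample of the kind of message the post describes; sendToAttacker
// is a hypothetical function name, not something that exists.
const SAMPLE_MESSAGE = "<script>sendToAttacker(document.cookie)</script>";

// A crude check used only by this demo: does the rendered HTML still contain
// a script tag that the browser would execute?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log(renderMessageUnsafe(SAMPLE_MESSAGE));
console.log(renderMessageSafe(SAMPLE_MESSAGE));
```

escapeHtml is the right tool for text placed in HTML element content. Text that ends up inside an attribute value, a URL, or a script block needs the escaping rules of that context, and a template engine that escapes by default is easier to get right than calling the function by hand everywhere.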