[Mimedefang] OT: Email web form exploits
Kelson
kelson at speed.net
Fri Sep 9 12:50:31 EDT 2005
James Ebright wrote:
> Check the URI referrer and only allow the web form to be hit FROM the URLs
> that it should be linked to; otherwise simply return an error similar to
> "unauthorized access attempt"...
Not sufficient. These are being done using direct hits to port 80, not
actual web browsers, so the attacking script can set whatever referrer
it wants.
I already had referer checks on all the forms that I saw get hit by
these probes.
--
Kelson Vibber
SpeedGate Communications <www.speed.net>
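The distinction Kelson draws above, worked through in code as an added example that is not part of the list thread: `referer_check` is the control James proposes, and the two constructed request header sets show that it cannot separate a browser submission from a script hitting port 80 directly, because the script chooses the `Referer` value. The second half shows what a direct hit cannot forge without the server's secret: an HMAC-signed, time-limited, single-use token that the server embeds in the rendered form. The helper names (`issue_form_token`, `verify_form_token`, `demo`), the `example.com` URL, the secret and the timestamps are all constructed for this example.

```python
"""Referer checks versus a server-issued form token (constructed example, not code
from the MIMEDefang thread)."""
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed: the page the form is supposed to be submitted from.
ALLOWED_REFERERS = frozenset({"https://www.example.com/contact.html"})


def referer_check(headers: dict) -> bool:
    """The control suggested in the thread: accept only requests whose Referer
    header names a page the form is linked from."""
    return headers.get("Referer", "") in ALLOWED_REFERERS


# Constructed sample requests. The second is a script talking to port 80 directly;
# it never rendered the page, it just copied the expected Referer into its request.
BROWSER_POST = {"Referer": "https://www.example.com/contact.html",
                "Content-Type": "application/x-www-form-urlencoded"}
SCRIPTED_POST = {"Referer": "https://www.example.com/contact.html",
                 "Content-Type": "application/x-www-form-urlencoded"}


def referer_check_distinguishes() -> bool:
    """True only if the Referer check accepts the browser and rejects the script.
    It is False: the header is entirely client-controlled, so both look identical."""
    return referer_check(BROWSER_POST) and not referer_check(SCRIPTED_POST)


# Hypothetical per-form token. The server embeds it in the rendered page; a direct
# hit that never fetched the page has no token and cannot forge one without the secret.
SERVER_SECRET = secrets.token_bytes(32)   # constructed; a real deployment loads this from config
TOKEN_MAX_AGE = 900                        # seconds a rendered form stays submittable
_used_nonces = set()                       # single use, so a captured token cannot be replayed


def issue_form_token(form_id: str, now: Optional[float] = None) -> str:
    """Return form_id:timestamp:nonce:mac for embedding in the rendered form."""
    ts = str(int(now if now is not None else time.time()))
    nonce = secrets.token_hex(8)
    msg = f"{form_id}:{ts}:{nonce}".encode()
    mac = hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()
    return f"{form_id}:{ts}:{nonce}:{mac}"


def verify_form_token(token: str, form_id: str, now: Optional[float] = None) -> bool:
    """Accept only a token this server signed for this form, still fresh, never seen before."""
    try:
        tok_form, ts, nonce, mac = token.rsplit(":", 3)
        issued = int(ts)
    except ValueError:
        return False                       # malformed: wrong field count or non-numeric timestamp
    if tok_form != form_id:
        return False                       # token issued for a different form
    expected = hmac.new(SERVER_SECRET, f"{tok_form}:{ts}:{nonce}".encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return False                       # forged or tampered: MAC does not verify
    current = now if now is not None else time.time()
    if not 0 <= current - issued <= TOKEN_MAX_AGE:
        return False                       # expired (or timestamp from the future)
    if nonce in _used_nonces:
        return False                       # replay of a token that was already spent
    _used_nonces.add(nonce)
    return True


def demo() -> dict:
    """Outcomes for four constructed submissions against the token check."""
    t0 = 1_126_284_631.0                   # constructed timestamp
    token = issue_form_token("contact", now=t0)
    # A direct hit that never fetched the form can only invent a token.
    forged = "contact:1126284631:0000000000000000:" + "0" * 64
    return {
        "browser": verify_form_token(token, "contact", now=t0 + 30),
        "direct_hit_forged": verify_form_token(forged, "contact", now=t0 + 30),
        "replay": verify_form_token(token, "contact", now=t0 + 60),
        "stale": verify_form_token(issue_form_token("contact", now=t0), "contact",
                                   now=t0 + TOKEN_MAX_AGE + 1),
    }


if __name__ == "__main__":
    print("Referer check tells browser from script:", referer_check_distinguishes())
    print(demo())
```

The token only proves that the submitter fetched the form from this server recently and has not reused that particular token; a script that fetches the page first will still get one, so this raises the cost of blind direct hits rather than stopping all automation, and the nonce set needs a shared store (and expiry) once more than one process handles submissions.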