Skip to main content
Topic: Anti-CSRF fix in img tag useless? (Read 1309 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Anti-CSRF fix in img tag useless?

Good point:
http://www.simplemachines.org/community/index.php?topic=545700.0

Quote from: qc
However, it has always been and is still possible to include images with such an "action"-URL by simply pointing to an HTTP-redirect, e.g. [img]http://bit.ly/blabla[/img] with http://bit.ly/blabla redirecting to /index.php?action=DANGEROUS

In summary: this fix never worked, and should therefore be removed. The underlying problem that this fix was addressing should be fixed directly by e.g. introducing CSRF protection tokens where they are still missing (e.g. search).
Bugs creator.
Features destroyer.
Template killer.

Re: Anti-CSRF fix in img tag useless?

Reply #1
I thought the referer [sic] header was checked for that purpose?

 

Re: Anti-CSRF fix in img tag useless?

Reply #2
The idea is exactly that one (not only the referer but the section id as well), the reason I posted that one is because I'd like to be sure there isn't any place left that doesn't use checkSession. ;)
Bugs creator.
Features destroyer.
Template killer.