Firebug "double post" with Ajax, and cookies


Guest
Posted on 04-09-08 19:43
Over the past few months I've learned quite a bit about the complexities of web page security. I've gotten to be fairly decent, despite lacking a lot of basic knowledge - but even though I've learned a lot, there are still some questions I can't quite figure out.

First of all, I'm using Firebug to submit an Ajax request. I get the response:
Firebug needs to POST to the server to get this information for url:
http://www.example.com/helloworld/test

This second POST can interfere with some sites. If you want to send the POST again, open a new tab in Firefox, use URL 'about:config', set boolean value 'extensions.firebug.allowDoublePost' to true
This value is reset every time you restart Firefox This problem will disappear when https://bugzilla.mozilla.org/show_bug.cgi?id=430155 is shipped.


Analyzing the script suggests that this is because the data that I POST is then being POSTed again. But what I don't quite understand is, why does this interfere with the Ajax request?



Secondly, I was under the impression that pretty much any non-secure server that uses cookies is vulnerable to session hijacking simply by copying another user's cookies. But then I've recently learned that this isn't quite true - there's another factor. I suppose there's the browser, the IP address, the referrer that could all be factors... what else?