Donate to us via Paypal!
Become the change you seek in the world. - Gandhi
Thursday, August 06, 2020
 Need Help?
Members Online
Total Online: 99
Guests Online: 99
Members Online: 0

Registered Members: 127447
Newest Member: hardcor3n3rd
Latest Articles

View Thread

HellBound Hackers | Computer General | Web hacking


Firebug "double post" with Ajax, and cookies


Your avatar

Joined: 01.01.70
Posted on 04-09-08 19:43
Over the past few months I've learned quite a bit about the complexities of web page security. I've gotten to be fairly decent, despite lacking a lot of basic knowledge - but even though I've learned a lot, there's still some questions I can't quite figure out.

First of all, I'm using Firebug to submit an Ajax request. I get the response:
Firebug needs to POST to the server to get this information for url:

This second POST can interfere with some sites. If you want to send the POST again, open a new tab in Firefox, use URL 'about:config', set boolean value 'extensions.firebug.allowDoublePost' to true
This value is reset every time you restart Firefox This problem will disappear when is shipped.

Analyzing the script suggests that this is because the data that I POST is then being POSTed again. But what I don't quite understand is, why does this interfere with the Ajax request?

Secondly, I was under the impression that pretty much any non-secure server that uses cookies is vulnerable to session hijacking simply by copying another user's cookies. But then I've recently learned that this isn't quite true - there's another factor. I suppose there's the browser, the IP address, the referrer that could all be factors... what else?