Loose source checking - why referer bypass occurs

Referer bypasses are commonly associated with insufficient checking of the source URL.

This happens when programmers check only for "containment" rather than implementing a thorough check.

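Insecure:

import java.io.IOException;

public class LooseSourceCheck {
    public static void showExample(String url){

        try{
            // Flaw: only the start of the raw string is compared, so any host
            // that merely begins with "trustedsubdomain" passes the check.
            if(url.startsWith("http://trustedsubdomain")){
                System.out.print(String.format("Trusted subdomain: %s", url));
            }
            else {
                throw new IOException("Untrusted subdomain: " + url);
            }
        }
        catch(Exception ex){
            // Report the rejection instead of silently swallowing it.
            System.out.println(ex.getMessage());
        }
    }
}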

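Secure:

import java.net.URL;
import java.util.Arrays;

public class StrictSourceCheck {

    public static void showExample(){

        try{
            // Exact host names that are allowed as a source.
            String[] approved_hosts = {
                    "trust1.yehg.net",
                    "trust2.yehg.net",
                    "trust3.yehg.net",
                    "trust4.yehg.net"
            };

            String url = "http://trust1.attacker.net/hack.jpg";
            // Parse the URL and compare the whole host, not a substring of the raw string.
            URL netUrl = new URL(url);
            String host = netUrl.getHost();

            boolean b = Arrays.asList( approved_hosts ).contains(host);
            if(!b){
                System.out.println("Untrusted domain: " + url);
            }else{
                System.out.println("Trusted domain: " + url );
            }
        }
        catch(Exception ex){
            // A URL that cannot be parsed is treated as untrusted.
            System.out.println("Untrusted (malformed) URL: " + ex.getMessage());
        }
    }
}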
