Loose source checking - why referer bypass occurs

Referer bypasses are commonly the result of insufficient checking of the source URL.

This happens when programmers check only for "containment" rather than implementing a thorough check.

Insecure:
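import java.io.IOException;

public class LooseSourceCheck {
    public static void showExample(String url){

        try{
            // Insecure: prefix match on the raw string, not on the parsed host
            if(url.startsWith("http://trustedsubdomain")){
                System.out.println(String.format("Trusted subdomain: %s", url));
            }
            else {
                throw new IOException("Untrusted subdomain: " + url);
            }
        }
        catch(Exception ex){
            // Report the rejection instead of silently swallowing it
            System.out.println(ex.getMessage());
        }
    }
}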

Secure:

import java.net.URL;
import java.util.Arrays;

public class StrictSourceCheck {

    public static void showExample(){

        try{
            String[] approved_hosts = {
                    "trust1.yehg.net",
                    "trust2.yehg.net",
                    "trust3.yehg.net",
                    "trust4.yehg.net"
            };

            String url = "http://trust1.attacker.net/hack.jpg";
            URL netUrl = new URL(url);
            // Compare the parsed host, not the raw URL string
            String host = netUrl.getHost();

            boolean b = Arrays.asList( approved_hosts ).contains(host);
            if(!b){
                System.out.println("Untrusted domain: " + url);
            }else{
                System.out.println("Trusted domain: " + url );
            }
        }
        catch(Exception ex){
            // A URL that cannot be parsed is treated as untrusted
            System.out.println("Untrusted domain: " + ex.getMessage());
        }
    }
}
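
The two checks side by side, as an added example that is not part of the original post: it runs a prefix check and a parsed-host allowlist check over the same constructed Referer values, so the disagreements can be kept as regression cases. The class name, the `http://trust1.yehg.net` prefix, the `attacker.example` placeholder hosts, the scheme restriction and the case normalisation are assumptions that go slightly beyond the page's version.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

public class RefererCheckComparison {

    // Allowlist taken from the page's StrictSourceCheck example.
    private static final Set<String> APPROVED_HOSTS = Set.of(
            "trust1.yehg.net", "trust2.yehg.net", "trust3.yehg.net", "trust4.yehg.net");

    // Loose check: prefix match on the raw string (assumed prefix, for illustration).
    static boolean looseCheck(String url) {
        return url != null && url.startsWith("http://trust1.yehg.net");
    }

    // Strict check: parse first, then compare the scheme and the exact host.
    static boolean strictCheck(String url) {
        if (url == null) return false;
        try {
            URI uri = new URI(url);
            String scheme = uri.getScheme();
            String host = uri.getHost(); // null for relative, opaque or unparsable authorities
            if (scheme == null || host == null) return false;
            if (!scheme.equalsIgnoreCase("http") && !scheme.equalsIgnoreCase("https")) return false;
            return APPROVED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
        } catch (URISyntaxException ex) {
            return false; // fail closed: anything that does not parse is untrusted
        }
    }

    public static void main(String[] args) {
        // Constructed sample Referer values; the attacker.example hosts are placeholders.
        String[] samples = {
            "http://trust1.yehg.net/page",               // genuine host
            "http://trust1.yehg.net.attacker.example/x", // trusted name used as a subdomain label
            "http://trust1.yehg.net@attacker.example/x", // trusted name in the userinfo part
            "http://TRUST1.YEHG.NET/page",               // genuine host, different case
            "not a url"                                  // unparsable input
        };
        for (String s : samples) {
            System.out.printf("%-45s loose=%-5b strict=%b%n", s, looseCheck(s), strictCheck(s));
        }
    }
}
```

The second and third samples pass the prefix check and are rejected by the parsed-host check; the fourth shows the prefix check also rejecting a legitimate value that differs only in case.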
