Hacker News new | ask | show | jobs
by benmmurphy 4884 days ago
afaik you can't use cross site requests to exploit either the xml bug or the json bug without also exploiting a browser or plugin bug. both issues depend on setting a request header and you are not allowed to do this in the browser security model. but it sucks that CSRF bug becomes RCE bug :(
1 comments
homakov 4884 days ago
>but it sucks that CSRF bug becomes RCE bug :( you just said it - it cant be exploited via CSRF. Because you cannot set header.

NO EXPLOIT FOR LOCALHOST:3000 calm down

link
benmmurphy 4884 days ago
i actually lied :) there is #from_xml so if you were doing Hash.from_xml(params[:trololol]) or Post.from_xml(params[:lols]) then you would be vulnerable to localhost:3000 attack. but I don't think there is generic attack it would have to be application specific.
link
homakov 4884 days ago
you still needto bypass CSRF protection which is on by default
link
rmc 4883 days ago
Yet.
link