by etc_passwd 4711 days ago
Your browser will automatically send any cookies it has for a domain when it is instructed to send a request to that domain, HttpOnly cookies included. The thing preventing the malicious site from getting knowledge of your SID or your fnid token is the Same Origin Policy: https://en.wikipedia.org/wiki/Same_origin_policy. If it wasn't for the same origin policy, I could just grab your HN sid from any website with plain JS on the malicious domain.

A CSRF attack is the equivalent of blind-firing a gun at a domain, and the browser "helps" you by automatically attaching your cookies to that bullet. Depending on the situation, you usually don't get a response back. Here is a good preso from when CSRF was hot back then which explains the attack scenarios: https://www.blackhat.com/presentations/bh-dc-08/Willis/Prese...

Throwing CORS into the mix complicates things a bit, but that relies on the site that is being attacked to explicitly allow calls from the malicious site or to use an Access-Control-Allow-Origin: *, which in itself is a security vulnerability. More details on CORS: https://developer.mozilla.org/en-US/docs/HTTP/Access_control...