Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
referer XSS question
Posted by: raracho
Date: August 19, 2012 12:17AM

Hi all,

I found a web app that prints referrer in HREF attribute value:

<A HREF="<?php echo htmlspecialchars($_SERVER['HTTP_REFERER']);?>">go back</A>

Is there any chance for XSS attack?

I tried on several browsers, and it seems that browsers do not send
referrer URL with "javascript:" or "data:" scheme, even the URL of
the originating web page has such schemes.

Options: ReplyQuote
Re: referer XSS question
Posted by: cr101
Date: August 21, 2012 09:27AM

What exactly are you doing to try to make the browser send a javascript directive in the referrer?

Options: ReplyQuote
Re: referer XSS question
Posted by: Albino
Date: August 21, 2012 12:07PM

I don't think so.

-------------------------------------------------------
Research blog

Options: ReplyQuote


Sorry, only registered users may post in this forum.