Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For Session, fixations, hijacking, lockout, replay, session riding etc.... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Is it possible to bypass 127.0.0.1 referer check?
Posted by: acemutha
Date: September 22, 2009 11:22AM

Hi as per title, I was wondering if it's possible to send a request to a remote site using 127.0.0.1 as referer header.
The question is related to the fact that the only control the application does to prevent you from changing the admin password is checking if the string 127.0.0.1 is in the referer field.

Here's the php code.

if ( eregi ( "127.0.0.1", $_SERVER['HTTP_REFERER'] ) )
[...]


Thanks in advance

Options: ReplyQuote
Re: Is it possible to bypass 127.0.0.1 referer check?
Posted by: Gareth Heyes
Date: September 22, 2009 01:20PM

LOL well look at the RegExp

somepage.php?127*0*0*1

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: Is it possible to bypass 127.0.0.1 referer check?
Posted by: acemutha
Date: September 23, 2009 03:48AM

LOL you are right.....

Thanks a lot

Options: ReplyQuote
Re: Is it possible to bypass 127.0.0.1 referer check?
Posted by: chosi
Date: September 23, 2009 05:02AM

....despite the fact, that you can just fake the referer ;)

Options: ReplyQuote
Re: Is it possible to bypass 127.0.0.1 referer check?
Posted by: acemutha
Date: September 25, 2009 04:54AM

What can you use right now to spoof Referer header, a part from proxy.
Flash no longer allows it, I believe.
Maybe java applet?

Thanks.

Options: ReplyQuote
Re: Is it possible to bypass 127.0.0.1 referer check?
Posted by: PaPPy
Date: September 25, 2009 09:12AM

http://referer.us/hide-http-referer.html
http://en.wikipedia.org/wiki/Referrer_spoofing

and this allows u to place javascript on the page and it rewrite any forms or links to have no referral header or it can spoof the url
http://cloakedlink.com/

http://www.xssed.com/archive/author=PaPPy/

Options: ReplyQuote
Re: Is it possible to bypass 127.0.0.1 referer check?
Posted by: acemutha
Date: September 29, 2009 05:21AM

Thanks a lot for your infos.

Options: ReplyQuote


Sorry, only registered users may post in this forum.