We're intergrating our site with an external site using form posts. The form on our page will submit to extenal site on a different domain. Is this even possible? I thought that would be an injection attack.
+1
A:
Yes it should be possible. Make sure you have enough validations in place so that you dont post harmfull data (and you are not held responsible) also I hope the other party has some server side validation as well.
Shoban
2009-10-19 09:54:56
A:
There is a type of vulnerability is called Cross Site Request Forgeries or XSRF. XSRF has nothing to do with the type of data, but rather that the request originates from a different server. http://www.owasp.org/index.php/XSRF
Here is an XSRF exploit POST request that I wrote: http://www.milw0rm.com/exploits/7918 This javascript is used to automatically fire off a form when the page is viewed:
<script>document.getElementById(1).submit();</script>
Rook
2009-10-20 06:09:41
A:
You probably want to learn more about the same-origin policy, this is the best writeup I have found: http://code.google.com/p/browsersec/wiki/Part2#Same-origin%5Fpolicy
Collin
2009-10-20 06:35:59