referrer

问题 After pentration testing, developer mitigates the CSRF vulnerability by using only referrer header. The application have other vulnerability like XSS. Is it possible to exploit CSRF with the help of XSS? if yes how? 回答1: Short story: Its very difficult to design effective CSRF protection when XSS is present. Mitigation of CSRF via referrer header is generally considered a weak defense - there are situations where these are stripped (by the browsers or proxies) and you would need to fail these

问题 Is there anyway to grab the referring URL using javascript, lets say the reffering url is http://page.com/home?local=fr, then redirect a user to a new page with the same local as the reffering page (http://page.com/login?local= referring local )? Pseudo code would be something like this: var referringURL = document.referrer; var local = referringURL.substring(referringURL.indexOf("?"), referringURL.length()) var newURL = "http://page.com/login" +local; Send user to newURL Thanks, -Pete 回答1:

问题 We use the URLReferrer and a code passed in on the query string to produce online videos so that only our paid clients can link to our video playback page. This system has worked well for some time. I know the URL referrer can be spoofed, but who would tell their clients to do such a thing to access a video ? It's worked well for us. However, today I was asked about someone for whom it did not work. The URLReferrer is null, and their site is HTTPS. I have done some reading online and I get

问题 If there is a link posted on Facebook to my website, and a user follows it, I would like to display custom content using PHP. I tried with the following method... $_SERVER['HTTP_REFERER'] Facebook must block this feature because it is not working. Is there a method for this that actually works with Facebook? 回答1: This news is a year old, yet I see they are still using it.. I post it here because It is still pretty informative The srouce of the link is https://www.facebook.com/note.php?note_id

问题 I just started to use awesomium. I wanted to understand how to change user-agent and referrer. i need for example to initialize 5 istance o awesomium webcontrol and for each of them i need different user-agent and different referrer. this is my simple code private void newbrowser() { browser = new Awesomium.Windows.Forms.WebControl(); browser.Paint += browser_Paint; browser.Location = new System.Drawing.Point(1, 1); browser.Name = "webControl"; browser.Size = new System.Drawing.Size(1024, 768

问题 Are there any HTTP Headers I could use to grab the entire referrer URL using a webserver/server-side scripting? Including query string, et cetera? 回答1: You should be able to grab it from the $_SERVER['HTTP_REFERER'] variable. 回答2: To add to Chacha's point, I don't know if you want to capture the client side hash part of the referrer URL (sometimes, you do). I.e. if the client came from "http://www.domain.com?x=3#y=5", the $_SERVER['HTTP_REFERER'] will only contain "http://www.domain.com?x=3",

问题 I am trying to get the full referring url to a page via javascript. So far the closet I have come is var lastUrl = document.referrer; This does not include the query attached to the url. var lastUrl = document.URL; returns the current URL with the querystring intact. Is there anyway of easily obtaining the referring url along with the referring query. 回答1: You cant. You can navigate user to previous page with window.history.back(); but you will not know what url it was. You can get only this:

问题 How do I get the IP address of the server that calls my ASP.NET page? I have seen stuff about a Response object, but am very new at c#. Thanks a ton. 回答1: This should work: //this gets the ip address of the server pc public string GetIPAddress() { IPHostEntry ipHostInfo = Dns.GetHostEntry(Dns.GetHostName()); // `Dns.Resolve()` method is deprecated. IPAddress ipAddress = ipHostInfo.AddressList[0]; return ipAddress.ToString(); } http://wec-library.blogspot.com/2008/03/gets-ip-address-of-server

问题 I've written the following small piece of javascript (Based on the excellent parseURI function) to identify where the user originated from. I am new to Javascript, and although the code below works, was wondering if there is a more efficient method of achieving this same result? try { var path = parseUri(window.location).path; var host = parseUri(document.referrer).host; if (host == '') { alert('no referrer'); } else if (host.search(/google/) != -1 || host.search(/bing/) != -1 || host.search(

问题 I've written the following small piece of javascript (Based on the excellent parseURI function) to identify where the user originated from. I am new to Javascript, and although the code below works, was wondering if there is a more efficient method of achieving this same result? try { var path = parseUri(window.location).path; var host = parseUri(document.referrer).host; if (host == '') { alert('no referrer'); } else if (host.search(/google/) != -1 || host.search(/bing/) != -1 || host.search(