Web application security - the fast guide Chapter 5: Attack Execution - the client | Page 18
Hashed Hidden Fields
Attack requirement:
1. The application developer wrongly relies on the Referer header to verify which page the request originated from.
[Diagram arrow: attacker sends a request to a privileged page with a forged Referer header]
Attack process
1. Using a proxy, capture a request heading to the restricted page.
2. Alter the Referer header so that it names a page with the same or a higher authority level.
3. Release the altered request.
2017-05-10
[Diagram: Application Server -> Attacker page: the server sends the privileged response because the application treats the request as a local request from a trusted page]
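The following is an added example, not code from the book or its author, showing the three steps above against a hypothetical Referer-based authorization check, next to a hardened check that derives the decision from the server-side session instead. The origin `https://app.example`, the `/admin/dashboard` path, the `sid` cookie and the session table are all constructed for the demo; the "captured" request stands in for what an intercepting proxy would show.

```python
"""Added example (not from the slides): why a Referer check is not authorization.

A Referer header is sent by the client, so anyone holding the request in a
proxy can rewrite it.  The vulnerable check below accepts it as proof that the
request came from a trusted page; the hardened check ignores it and looks up
the role bound to the session cookie on the server side.
"""
from urllib.parse import urlparse

# Assumed application origin (constructed for the demo).
TRUSTED_ORIGIN = "https://app.example"

# Constructed server-side session table: session id -> role.
SESSIONS = {"sess-admin-001": "admin", "sess-user-002": "user"}


def vulnerable_authorize(headers):
    """Grant the privileged page if the Referer points at our own host.

    This is the flawed requirement from the slide: the decision rests entirely
    on a header the attacker controls.
    """
    referer = headers.get("Referer", "")
    return urlparse(referer).netloc == urlparse(TRUSTED_ORIGIN).netloc


def parse_cookies(cookie_header):
    """Turn 'a=1; b=2' into {'a': '1', 'b': '2'} (minimal, for the demo)."""
    pairs = (p.strip().split("=", 1) for p in cookie_header.split(";") if "=" in p)
    return {k: v for k, v in pairs}


def hardened_authorize(headers):
    """Ignore Referer; authorize from the role stored in the server-side session."""
    sid = parse_cookies(headers.get("Cookie", "")).get("sid")
    return SESSIONS.get(sid) == "admin"


def build_request(path, headers):
    """Serialize the request the proxy would release in step 3 (HTTP/1.1 text)."""
    lines = [f"GET {path} HTTP/1.1", "Host: " + urlparse(TRUSTED_ORIGIN).netloc]
    lines += [f"{name}: {value}" for name, value in headers.items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


# Step 1: the request as captured in the proxy.  The low-privilege user was
# sent here from an attacker-controlled page (constructed sample).
CAPTURED = {"Referer": "https://attacker.example/page", "Cookie": "sid=sess-user-002"}

# Step 2: alter only the Referer so it names an admin page of the application.
FORGED = dict(CAPTURED, Referer=TRUSTED_ORIGIN + "/admin/dashboard")


def run_demo():
    """Return the authorization outcome for each check and each request."""
    return {
        "vulnerable_before": vulnerable_authorize(CAPTURED),   # rejected: foreign Referer
        "vulnerable_after": vulnerable_authorize(FORGED),      # accepted: forged Referer
        "hardened_after": hardened_authorize(FORGED),          # rejected: session role is 'user'
        "hardened_admin": hardened_authorize({"Cookie": "sid=sess-admin-001"}),  # accepted
    }


if __name__ == "__main__":
    # Step 3: the altered request that would be released to the server.
    print(build_request("/admin/dashboard", FORGED).decode())
    for name, outcome in run_demo().items():
        print(f"{name}: {'privileged response' if outcome else 'denied'}")
```

Two practical notes: the forged request carries the victim's own unprivileged cookie, so the hardened check denies it no matter what the Referer says; and because browsers omit or trim Referer under many Referrer-Policy settings, a Referer check also rejects legitimate users, which is another reason it belongs only in logging, never in an access decision.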
Web Application Security Fast Guide (book slides)
By Dr.Sami Khiami
Slide 18