- From: Close, Tyler J. <tyler.close@hp.com>
- Date: Tue, 12 Feb 2008 02:57:13 +0000
- To: Ian Hickson <ian@hixie.ch>
- CC: "WAF WG (public)" <public-appformats@w3.org>
Close, Tyler J. wrote:
> +Robbing the user+
>
> For this scenario:
>
> resource host: acting faithfully
> third-party script: acting dishonestly
> user: acting honestly
>
> In this scenario, the third party script seeks to cause
> changes to the resource that the resource host will blame on the user.
>
> The third-party script sends exactly the same HTTP POST
> request shown in "Framing the Referer".
Or rather, almost exactly the same request. The "recipient" identifier identifies an account belonging to the third-party script's author. So:
POST /spendMoney HTTP/1.1
Host: honestBank.com
Referer-Root: https://honestBlogger.com
Cookie: "user's authentication tokens"
Content-Type: application/json

{
"recipient": "honestBlogger's accomplice account",
"amount": "20 bucks"
}
--Tyler
Received on Tuesday, 12 February 2008 02:58:20 UTC
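An added example, not part of the thread, of the check a resource host such as honestBank.com could apply to the request above: a state-changing request is honoured only when its Referer-Root names the bank's own origin, so a cookie-bearing POST issued from honestBlogger.com is refused rather than blamed on the user. The host's origin value, the treatment of safe methods, and the sample requests are assumptions constructed for the example.

```python
from typing import Dict, Tuple

# Assumed origin of the resource host; the thread's examples use honestBank.com.
SELF_ORIGIN = "https://honestbank.com"
STATE_CHANGING = {"POST", "PUT", "DELETE", "PATCH"}

def parse_request(raw: str) -> Tuple[str, str, Dict[str, str], str]:
    """Split a raw HTTP/1.1 request into method, path, headers and body."""
    head, _, body = raw.partition("\n\n")
    request_line, *header_lines = head.splitlines()
    method, path, _version = request_line.split()
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body.strip()

def decide(raw: str) -> Tuple[bool, str]:
    """Return (accepted, reason) for one request, as the resource host would."""
    method, _path, headers, _body = parse_request(raw)
    if method not in STATE_CHANGING:
        return True, "safe method, no origin check needed"
    origin = headers.get("referer-root")
    if origin is None:
        # Fail closed: a state-changing request must say where it came from.
        return False, "state-changing request without Referer-Root"
    if origin.rstrip("/").lower() != SELF_ORIGIN:
        return False, f"cross-origin Referer-Root {origin}"
    return True, "same-origin state-changing request"

# Constructed sample: the thread's "Robbing the user" request, with the blank
# line that separates HTTP headers from the body.
CROSS_SITE_POST = """POST /spendMoney HTTP/1.1
Host: honestBank.com
Referer-Root: https://honestBlogger.com
Cookie: "user's authentication tokens"
Content-Type: application/json

{
"recipient": "honestBlogger's accomplice account",
"amount": "20 bucks"
}"""

# Constructed sample: the same transfer issued from the bank's own pages.
SAME_SITE_POST = CROSS_SITE_POST.replace("https://honestBlogger.com", "https://honestBank.com")

if __name__ == "__main__":
    for name, req in [("cross-site", CROSS_SITE_POST), ("same-site", SAME_SITE_POST)]:
        print(name, decide(req))
```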