We're integrating our site with an external site using form posts. The form on our page will submit to an external site on a different domain. Is this even possible? I thought that would be an injection attack.
There is a type of vulnerability called Cross Site Request Forgeries or XSRF. XSRF has nothing to do with the type of data, but rather that the request originates from a different server. http://www.owasp.org/index.php/XSRF
Here is an XSRF exploit POST request that I wrote: http://www.exploit-db.com/exploits/7922/ This JavaScript is used to automatically fire off a form when the page is viewed:
You probably want to learn more about the same-origin policy, this is the best writeup I have found: http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy
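From the receiving server's side, the point above about where a request originates can be checked directly. The following is an added example, not code from the original answers: it accepts a state-changing form POST only when the `Origin` (or `Referer`) header names a trusted site and the form carries a token bound to the user's session. The origin `https://www.example.com`, the field name `csrf_token`, and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed values for this example (assumptions, not from the original page).
SERVER_KEY = secrets.token_bytes(32)           # per-deployment secret
TRUSTED_ORIGINS = {"https://www.example.com"}  # sites allowed to post forms here


def issue_token(session_id: str) -> str:
    """Token placed in a hidden field of every form served to this session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def source_origin(headers: dict) -> Optional[str]:
    """Origin of the page that sent the request: Origin header, else Referer."""
    value = headers.get("Origin") or headers.get("Referer")
    if not value or value == "null":  # sandboxed or opaque origins send "null"
        return None
    parts = urlsplit(value)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def accept_post(headers: dict, session_id: str, form: dict) -> Tuple[bool, str]:
    """Decide whether a state-changing POST should be processed."""
    origin = source_origin(headers)
    if origin is None:
        return False, "no usable Origin or Referer header"
    if origin not in TRUSTED_ORIGINS:
        return False, f"untrusted origin {origin}"
    expected = issue_token(session_id)
    supplied = str(form.get("csrf_token", ""))
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "missing or wrong csrf_token"
    return True, "ok"
```

A page on another domain can still make the browser send the POST along with the user's cookies, but it cannot read the token out of a form served by the trusted site, which is the same-origin policy at work.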
Yes, it should be possible. Make sure you have enough validations in place so that you don't post harmful data (and you are not held responsible). Also, I hope the other party has some server-side validation as well.