2

I have a page that I am afraid someone can hack. The page itself makes it so that if you come to the page without having the correct referrer you are redirected back to the page with the form.

I tried to use curl but it also redirects me and gives me the "object moved."

My page uses a GET so I thought I could just use curl but again it redirects. This is a good thing because redirecting without coming from the page I want is part of my "security." I don't know how weak that is though (the technique) and cURL may be the wrong tool to try and break it.

The page just returns orders based on the query string. I believe I am good against sql injection, just testing this last part. Ajax maybe?

asp classic webpage.

Thanks for any help.

Update: I was able to use this: How do I use cURL & PHP to spoof the referrer?

Community
  • 1
  • 1
johnny
  • 19,272
  • 52
  • 157
  • 259

2 Answers2

3

Referer is just a header sent by the browser, and therefore it can be spoofed. From a manual on cURL:

REFERRER
A HTTP request has the option to include information about which address that referred to actual page. Curl allows you to specify the referrer to be used on the command line. It is especially useful to fool or trick stupid servers or CGI scripts that rely on that information being available or contain certain data.

     curl -e www.coolsite.com http://www.showme.com/  

NOTE: The Referer: [sic] field is defined in the HTTP spec to be a full URL.

So, to test this in cURL, use the -e switch with the correct Referer header and see what happens.

Andrew
  • 14,325
  • 4
  • 43
  • 64
  • I tried this but I continue to get Object Moved, which I believe is the redirect caused by the lack of the correct referrer. – johnny Aug 02 '11 at 17:37
  • You may then, quite simply, have the wrong referrer. You might consider using something like [Fiddler](http://www.fiddler2.com/) to get the actual header sent in a valid request from the browser. – Andrew Aug 02 '11 at 17:40
2

This is not an answer itself, but rather an extension of Matt Ball's comment for future readers. Don't rely on the referrer for security:

Wikipedia has an entire article on it: Referrer Spoofing

While many web sites are configured to gather referrer information and serve different content depending on the referrer information obtained, exclusively relying on HTTP referrer information for authentication and authorization purposes is not a [genuine state of the art computer] security measure, and has been described as snake oil security. HTTP referrer information is freely alterable and interceptable, and is not a password, though some poorly configured systems treat it as such...

Andrew's answer shows how to send a customized referrer with curl.

Happy coding.