Closed Bug 1547456 Opened 6 years ago Closed 6 years ago

Xmlhttprequest bypass to another domain

Categories

(Core :: DOM: Networking, defect)

66 Branch
defect
Not set
normal


RESOLVED INVALID

People

(Reporter: nandocolz, Unassigned)

Details

Attachments

(1 file)

Attached image hasil.jpg

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0

Steps to reproduce:

1. First step: I will make this page send data to another domain.
2. req.open("POST","//ayoomall.com/Cart/add_to_cart",true);
   Add // to bypass.
3. Yeah, the XMLHttpRequest bypass can now access another page.

Actual results:

The web page will send request data to another domain using XMLHttpRequest.

Expected results:

Someone can run an injection such as CSRF, or another injection method which uses XMLHttpRequest.

Sending data to another site is almost always possible on the web. If nothing else, you could just embed the data in the URL itself and assign to location.href. This is not a security issue.

(In this particular case, XHR POST with one of a restricted set of mimetypes ( https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Simple_requests ) is allowed without a "pre-flight" OPTIONS request.)

Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Component: Untriaged → DOM: Networking
Product: Firefox → Core
Resolution: --- → INVALID
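
The behaviour described in the reply above, as an added example that is not part of the bug thread or of Firefox's code: it resolves a scheme-relative `//host/path` target the way a page's XHR would and reports whether the request counts as a CORS "simple request" that goes out without a pre-flight. `describeRequest` is a hypothetical helper, the hostnames are constructed, and the header check is simplified (the Fetch standard's header value restrictions and XHR upload listeners are not modelled).

```javascript
// Added example with constructed inputs; describeRequest() is a hypothetical helper.
const SIMPLE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SIMPLE_TYPES = new Set([
  "application/x-www-form-urlencoded",
  "multipart/form-data",
  "text/plain",
]);
// Header names a page may set without forcing a pre-flight.
// Simplification: the value restrictions from the Fetch standard are omitted.
const SAFELISTED_HEADERS = new Set([
  "accept", "accept-language", "content-language", "content-type",
]);

function describeRequest(pageUrl, target, method, headers = {}) {
  // "//host/path" is a scheme-relative URL: it inherits the page's scheme
  // and names another host, exactly like a fully written absolute URL.
  const url = new URL(target, pageUrl);
  const crossOrigin = url.origin !== new URL(pageUrl).origin;

  let simple = SIMPLE_METHODS.has(method.toUpperCase());
  for (const [name, value] of Object.entries(headers)) {
    const key = name.toLowerCase();
    if (!SAFELISTED_HEADERS.has(key)) simple = false;
    if (key === "content-type") {
      // Compare only the MIME essence, ignoring parameters such as charset.
      const essence = value.split(";")[0].trim().toLowerCase();
      if (!SIMPLE_TYPES.has(essence)) simple = false;
    }
  }
  return {
    url: url.href,
    crossOrigin,
    // An OPTIONS pre-flight is sent only for cross-origin, non-simple requests.
    preflight: crossOrigin && !simple,
  };
}

// Constructed case mirroring the report: form-encoded POST to another host.
console.log(describeRequest(
  "https://shop.example/cart.html",
  "//other.example/Cart/add_to_cart",
  "POST",
  { "Content-Type": "application/x-www-form-urlencoded" }
));
```

Because the browser delivers such a request whether or not the page can read the response, a state-changing endpoint that accepts these content types has to carry its own CSRF defence (a per-session token, `SameSite` cookies, or an `Origin` check) rather than rely on the same-origin policy.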