Question regarding Ajax Hacking
Posted by Vincent on Stack Overflow
Published on 2010-06-15T19:01:46Z
Indexed on 2010/06/15 19:12 UTC
All,
I have a PHP website written in Zend Framework and MVC. Most of the controller actions check whether the request is an Ajax request or not; otherwise they redirect the user to the home page. I am thinking about various ways to break that site. I am considering the following scenario:
- A user creates his own PHP project on his local machine.
- The user writes a jQuery Ajax POST request to one of the controllers on my site and tries to post malicious info. Example:

    $.ajax({
        type: 'POST',
        url: "https://marketsite/getinfo/getstuff",
        cache: false,
        dataType: "html",
        // Show the returned HTML on success
        success: function (html_response) {
            alert(html_response);
        },
        // Show the error text on failure
        error: function (xhr, ajaxOptions, errorThrown) {
            alert(errorThrown);
        }
    });

My question is: does the "url" attribute in the Ajax request above take an absolute path? I know it takes a relative path. Also, is it possible to break any site by sending such requests?
Thanks
© Stack Overflow or respective owner
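
The scenario in the question, modelled as an added example (not code from the original post or from Zend Framework): a controller gate that relies only on the Ajax check, beside one that also verifies the session, the `Origin` header, an anti-CSRF token and the input format. The function names, the session shape and the `itemId` and `csrfToken` fields are assumptions, and the sample requests are constructed.

```javascript
// Added example: models only the controller's accept/reject decision, no network I/O.
// Function names, the session shape and the itemId/csrfToken fields are assumptions.
const ALLOWED_ORIGIN = 'https://marketsite'; // origin of the URL in the question

// The "is Ajax" test reduces to one request header, and the client chooses its value.
function isAjax(req) {
  return (req.headers['x-requested-with'] || '') === 'XMLHttpRequest';
}

// Before: the Ajax test is the only gate in front of the action.
function weakCheck(req) {
  return isAjax(req) ? { status: 200 } : { status: 302, location: '/' };
}

// Token comparison that does not stop at the first differing character.
function safeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') return false;
  if (a.length === 0 || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// After: the Ajax test only routes; identity, origin, token and input are checked.
function hardenedCheck(req, session) {
  const body = req.body || {};
  if (!isAjax(req)) return { status: 302, location: '/' };
  if (!session || !session.userId) return { status: 401 };
  const origin = req.headers['origin'];
  if (origin !== undefined && origin !== ALLOWED_ORIGIN) return { status: 403 };
  if (!safeEqual(body.csrfToken, session.csrfToken)) return { status: 403 };
  if (!/^[0-9]{1,10}$/.test(String(body.itemId))) return { status: 400 };
  return { status: 200 };
}

// Constructed sample requests (not captured traffic).
const session = { userId: 7, csrfToken: 'constructed-sample-token' };
const foreign = {
  headers: { 'x-requested-with': 'XMLHttpRequest', origin: 'http://localhost' },
  body: { itemId: '<unexpected>' },
};
const legit = {
  headers: { 'x-requested-with': 'XMLHttpRequest', origin: ALLOWED_ORIGIN },
  body: { itemId: '42', csrfToken: session.csrfToken },
};

console.log(weakCheck(foreign).status, hardenedCheck(foreign, session).status,
            hardenedCheck(legit, session).status);
```

The first gate accepts the request from the other origin because it looks only at the header; the second rejects it and still serves the site's own call.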