
Firebug "double post" with Ajax, and cookies


ghost

Over the past few months I've learned quite a bit about the complexities of web page security. I've gotten to be fairly decent, despite lacking a lot of basic knowledge - but even though I've learned a lot, there are still some questions I can't quite figure out.

First of all, I'm using Firebug to submit an Ajax request. I get the response:

Firebug needs to POST to the server to get this information for url: http://www.example.com/helloworld/test

This second POST can interfere with some sites. If you want to send the POST again, open a new tab in Firefox, use URL 'about:config', set boolean value 'extensions.firebug.allowDoublePost' to true
This value is reset every time you restart Firefox
This problem will disappear when https://bugzilla.mozilla.org/show_bug.cgi?id=430155 is shipped.

Analyzing the script suggests that this is because the data that I POST is then being POSTed again. But what I don't quite understand is, why does this interfere with the Ajax request?

Secondly, I was under the impression that pretty much any non-secure server that uses cookies is vulnerable to session hijacking simply by copying another user's cookies. But then I've recently learned that this isn't quite true - there's another factor. I suppose there's the browser, the IP address, the referrer that could all be factors… what else?
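A sketch of the kind of server-side check the second question describes, added here as an example and not part of the original post: the session is tied to the User-Agent and the client's network prefix at login, so a cookie copied into a different context is rejected and revoked. The function names, the in-memory `SESSIONS` store and the /24 and /64 prefix lengths are assumptions made for the example.

```python
import hashlib
import hmac
import ipaddress
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-process key, constructed for the example
SESSIONS = {}  # session id -> {"user": ..., "binding": ...} (hypothetical store)


def _binding(user_agent: str, client_ip: str) -> str:
    """MAC over the client attributes the session is tied to."""
    # Bind to the /24 (IPv4) or /64 (IPv6) network rather than the exact
    # address, so ordinary address churn does not log users out.
    ip = ipaddress.ip_address(client_ip)
    prefix = 24 if ip.version == 4 else 64
    network = ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False)
    msg = f"{user_agent}\n{network}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def login(user: str, user_agent: str, client_ip: str) -> str:
    """Create a session and return the value to place in the cookie."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "binding": _binding(user_agent, client_ip)}
    return sid


def check(sid: str, user_agent: str, client_ip: str):
    """Return the user name if cookie and request context match, else None."""
    session = SESSIONS.get(sid)
    if session is None:
        return None
    current = _binding(user_agent, client_ip)
    if not hmac.compare_digest(session["binding"], current):
        # Known cookie presented from a different context: revoke it.
        del SESSIONS[sid]
        return None
    return session["user"]
```

The User-Agent header is supplied by the client and can be copied along with the cookie, so it only catches careless reuse; the network prefix is the stronger of the two checks. Neither replaces sending the cookie only over HTTPS with the Secure and HttpOnly attributes set.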