Reputation: 2315
Cross site form post with external site on different domain
We're intergrating our site with an external site using form posts. The form on our page will submit to extenal site on a different domain. Is this even possible? I thought that would be an injection attack.
Upvotes: 2
Views: 5394
Answers (3)
Reputation: 67019
There is a type of vulnerability is called Cross Site Request Forgeries or XSRF. XSRF has nothing to do with the type of data, but rather that the request originates from a different server. http://www.owasp.org/index.php/XSRF
Here is an XSRF exploit POST request that I wrote: http://www.exploit-db.com/exploits/7922/ This javascript is used to automatically fire off a form when the page is viewed:
<script>document.getElementById(1).submit();</script>
Upvotes: 0
Reputation: 437
You probably want to learn more about the same-origin policy, this is the best writeup I have found: http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy
Upvotes: 0
Reputation: 23016
Yes it should be possible. Make sure you have enough validations in place so that you dont post harmfull data (and you are not held responsible) also I hope the other party has some server side validation as well.
Upvotes: 4
Related Questions
- how to enable cross domain POST-ing in PHP?
- Cross server form data to be sent in a secure way
- Form Cross domain POST request using PHP
- Sending $_POST data to other domain
- Cross Domain Http Post data
- HTML Form POST Cross Domain
- asp.net accepting form posts from another domain
- Asp.net Cross Domain Form Posting
- Cross-domain POST with integrated security
- How to post a form across subdomains