Recent content by matchu

  1. matchu

    Bug Referer filter can be circumvented

    Yeah, this is the reason why most modern sites implement CSRF protection with tokens instead of referers :/ There's a more thorough option that would keep us safe while still allowing all clients: find the specific actions we need to protect (like adventuring), rewrite all pages to include the...
  2. matchu

    Bug Referer filter can be circumvented

    An interesting security note: the path "desc_skill.php/../main.php?foo=bar" is improperly accepted by KoLMafia and resolved by the server to "main.php?foo=bar". However, I'm pretty sure that all modern browsers resolve URL paths before submitting them (I had to send the request via cURL rather...
  3. matchu

    Bug Referer filter can be circumvented

    Sweet deal. Thanks for all your hard work, bro :D
  4. matchu

    Bug Referer filter can be circumvented

    Hmm, good point on adventures—weird that so many things are CSRF-protected, but that one isn't. Then again, if KoL doesn't protect against it, it might not be our job to protect against it, anyway. It'd definitely be good, but, if we can't find a satisfactory solution that does so, it's not all...
  5. matchu

    Bug Referer filter can be circumvented

    Can a request to game.php be evil? Due to browsers' strict cross-domain security policies, I could create a frame to game.php, but I wouldn't be allowed to control that frame except to change its src all over again, in which case the original request to game.php was redundant. Are there...
  6. matchu

    Bug Referer filter can be circumvented

    Oh, ha, duhh. Yeah, I guess that's the one big, glaring case where no-Referer is important xD One fix would be to only allow no-Referer requests to game.php, but this is another case where I don't know enough about the relay browser to know if that's sufficient. Are there other Mafia features...
  7. matchu

    Bug Referer filter can be circumvented

    Quick preface: I'm assuming that Mafia validates Referer headers to ensure that evil.com can't send an evil request to the KoLMafia relay browser. Is that right? If there's some other reason, well, disregard the rest of this post, kthx :D If that's the intent of the security feature, then...
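A worked illustration of two points from the posts above: the path-normalization gap described in the second post (a path such as "desc_skill.php/../main.php?foo=bar" that a filter judges by its first segment but the server resolves to "main.php"), and the per-action CSRF token the first post suggests as the more thorough option. This is added example code, not KoLMafia's own filter; the relay address, the page names, both allowlists, the "token" query parameter and the sample session token are assumptions made for the example.

```python
"""Referer filter that can be bypassed via an unnormalized path, beside a
hardened version that canonicalizes the path first and requires a per-action
token for state-changing pages.  Added example; nothing here is KoLMafia code."""
import hmac
import posixpath
from urllib.parse import parse_qs, unquote, urlsplit

# --- assumptions for the example (not KoLMafia's real configuration) ---------
RELAY_HOST = "127.0.0.1:60080"                   # assumed local relay address
NO_REFERER_OK = {"game.php"}                     # assumed: entry page may arrive with no Referer
EXEMPT_PAGES = {"desc_skill.php", "desc_item.php"}  # assumed: read-only pages skip the check
PROTECTED_PAGES = {"adventure.php"}              # assumed: actions that need a token
SESSION_TOKEN = "0123456789abcdef"               # constructed sample token for this session


def raw_first_segment(target: str) -> str:
    """The page name as a naive filter sees it: first path segment, as sent."""
    return urlsplit(target).path.lstrip("/").split("/", 1)[0]


def canonical_page(target: str) -> str:
    """The page the server will actually dispatch to: percent-decode, then
    collapse '.' and '..' segments.  A leading '..' cannot escape the root."""
    path = "/" + unquote(urlsplit(target).path).lstrip("/")
    return posixpath.normpath(path).lstrip("/")


def referer_is_local(referer) -> bool:
    """True only when the Referer names the relay itself."""
    return referer is not None and urlsplit(referer).netloc == RELAY_HOST


def naive_allows(target: str, referer=None) -> bool:
    """Referer filter with the weakness: it classifies the request by the raw
    first path segment, so 'desc_skill.php/../main.php' looks read-only."""
    page = raw_first_segment(target)
    if page in EXEMPT_PAGES:
        return True
    if referer is None:
        return page in NO_REFERER_OK
    return referer_is_local(referer)


def hardened_allows(target: str, referer=None) -> bool:
    """Same policy, but decided on the canonical page, and with state-changing
    pages gated by a per-session token rather than by the Referer header."""
    page = canonical_page(target)
    if page in PROTECTED_PAGES:
        # Token check makes these actions safe for any client, Referer or not.
        token = parse_qs(urlsplit(target).query).get("token", [""])[0]
        return hmac.compare_digest(token, SESSION_TOKEN)
    if page in EXEMPT_PAGES:
        return True
    if referer is None:
        return page in NO_REFERER_OK
    return referer_is_local(referer)


if __name__ == "__main__":
    evil = "desc_skill.php/../main.php?foo=bar"   # the path from the post
    print("naive filter accepts bypass:   ", naive_allows(evil))
    print("hardened filter accepts bypass:", hardened_allows(evil))
    print("server would dispatch to:      ", canonical_page(evil))
```

Note that `hardened_allows` keeps the Referer rule for ordinary pages and only swaps in the token for the protected set; a client that cannot send a Referer (the no-Referer case for game.php discussed above) still works, and a cross-site page that can forge neither the session token nor a local Referer gets nothing.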