The web is full of security vulnerabilities, and I'm going to describe some of them in my blog.
Here's one that most developers are not aware of. It's called CSRF (Cross-Site Request Forgery).
It's not a very common one, but it can easily be deadly.
Unlike other security vulnerabilities, which usually exploit the fact that a user has some permissions on a specific site, this one depends on a simple fact: a site trusts the user's browser.
Trusting the user's browser means that a web site will trust the browser's cookies without questioning where the request carrying them came from, very similar to session hijacking.
This means that if someone posts a request to a site using your browser, the site will accept that request, no questions asked.
For example, a request to charge an order on an e-commerce site might look like this: http://some-site.com/checkout.aspx?orderNumber=12345
The site will check out that order for the customer whose details are stored in a cookie. Basically, anyone who uses the browser on the victim's computer can just navigate to that URL
and the order will be checked out. Keep in mind that the order details include the shipping details.
Ok, so sitting at the same PC is not exactly hacking, but check this out:
Let's say the hacker posts a message on a popular forum that includes a 1px image whose source is that checkout URL. Here's the image's HTML:
Now, when the victim reads the post, the browser fetches the image, which submits the request to the server together with the browser's cookie (if the cookie has not expired), and there you go!
The hacker completed an order using the victim's credentials!
Here's a summary:
So what can be done?
Like most web vulnerabilities, CSRF is very easy to solve:
1. Consider creating an HTTP handler / module that makes sure the HTTP referrer has not changed during the session
2. Limit the lifetime of your cookies
3. Double-check / validate the user with a password popup, etc.
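To make the problem and the first fix concrete, here is an added example (my own code, not part of the original post or any real shop) that models the checkout endpoint described above. `checkout_vulnerable` behaves the way the post describes: whoever carries the session cookie gets the order shipped. `checkout_hardened` adds item 1 from the list, interpreted as checking that the request's `Origin` (or `Referer`) header names the site itself, and goes one step beyond the list with a per-session CSRF token that a forged image request cannot know. The host name, session store and both requests are constructed for the example.

```python
# Added example, not code from the original post: a toy model of the
# checkout endpoint, first as described (cookie alone is trusted) and then
# hardened with an origin/referrer check plus a per-session CSRF token.
from urllib.parse import urlparse
import hmac
import secrets

SITE_HOST = "some-site.com"  # assumption: the shop's own host name

# Constructed server-side session store: session id -> customer record.
SESSIONS = {
    "sess-abc": {
        "customer": "alice",
        "shipping": "1 Example St",
        "csrf_token": secrets.token_hex(16),  # issued when the session starts
    },
}


def session_for(request):
    """Look up the customer by the session cookie the browser attached."""
    sid = request.get("cookies", {}).get("session")
    return SESSIONS.get(sid)


def checkout_vulnerable(request):
    """The behaviour the post describes: whoever carries the cookie can check out."""
    session = session_for(request)
    if session is None:
        return (401, "not logged in")
    order = request["params"]["orderNumber"]
    return (200, f"order {order} shipped to {session['shipping']}")


def same_origin(request):
    """Item 1 from the post: reject requests whose Origin/Referer points at
    another site. Origin is preferred; Referer is the fallback."""
    headers = request.get("headers", {})
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # no header at all is treated as suspect, not as trusted
    return urlparse(source).hostname == SITE_HOST


def token_valid(request, session):
    """Per-session secret that must be echoed back in the form (added defence,
    beyond the post's three items). Constant-time compare avoids timing leaks."""
    supplied = request["params"].get("csrf_token", "")
    return hmac.compare_digest(supplied, session["csrf_token"])


def checkout_hardened(request):
    """Same checkout, but the cookie alone is no longer enough."""
    session = session_for(request)
    if session is None:
        return (401, "not logged in")
    if not same_origin(request):
        return (403, "cross-site request rejected")
    if request.get("method") != "POST":
        return (405, "checkout requires POST")
    if not token_valid(request, session):
        return (403, "missing or wrong CSRF token")
    order = request["params"]["orderNumber"]
    return (200, f"order {order} shipped to {session['shipping']}")


# Constructed forged request: what the browser sends when it loads the 1px
# image in the forum post. The shop's cookie rides along, the Referer is the
# forum, and there is no token.
FORGED = {
    "method": "GET",
    "headers": {"Referer": "http://popular-forum.example/thread/42"},
    "cookies": {"session": "sess-abc"},
    "params": {"orderNumber": "12345"},
}


def legitimate_request():
    """Constructed request from the shop's own checkout form."""
    return {
        "method": "POST",
        "headers": {"Origin": f"http://{SITE_HOST}"},
        "cookies": {"session": "sess-abc"},
        "params": {
            "orderNumber": "12345",
            "csrf_token": SESSIONS["sess-abc"]["csrf_token"],
        },
    }


if __name__ == "__main__":
    print("vulnerable, forged:", checkout_vulnerable(FORGED))
    print("hardened, forged:  ", checkout_hardened(FORGED))
    print("hardened, genuine: ", checkout_hardened(legitimate_request()))
```

Running it shows the forged request succeeding against the vulnerable handler and being rejected by the hardened one, while the genuine form submission still goes through. Two caveats worth knowing when you implement item 1 for real: some browsers and privacy tools strip the `Referer` header, so an absent header should fail closed (as above) rather than be trusted, and the referrer check on its own is a hint rather than proof, which is why the token check is layered on top.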
Wikipedia describes the vulnerability pretty straightforwardly here.
You can find a Hebrew article that describes it in more detail here.