Getting Authentication Information to CarRentalInc by an Unsolicited Response (automatic forwarding of Response)
[Figure: John Doe, at AirlineInc.com, sees the link "Need a car? Click here". Message flow between AirlineInc.com and CarRentalInc.com:]
1. https://www.AirlineInc.com/?TARGET=https://www.CarRentalInc.com
2. HTML form that is filled in with an encoded Response plus JavaScript.
3. The Response is automatically forwarded to https://www.CarRentalInc.com
John Doe clicks on the link. It takes him back to the airline service, which constructs a Response message and embeds it (encoded) within an HTML form. The airline service responds with this HTML form. The form contains JavaScript that instructs the browser to automatically submit the form to the car rental service. Thus the car rental service has John Doe "knocking on his door, with authentication papers in hand".
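The page the airline service returns in step 2, as an added example that is not part of the original slides: the Response is base64-encoded into a hidden field of a form whose action is the car rental service, and a page-load script submits it. The field name SAMLResponse, the partner allowlist and the sample Response are assumptions; the allowlist is the check a practitioner wants, so the airline only forwards to endpoints it has registered rather than to any TARGET it is handed.

```javascript
// Added example: building the auto-submitting form described in step 2.
// Only targets registered with the airline are accepted (assumed allowlist).
const ALLOWED_TARGETS = new Set(['https://www.CarRentalInc.com']);

// Escape a value before placing it in an HTML attribute.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
  })[c]);
}

// Base64-encode the Response document so it travels safely as a form value.
function encodeResponse(responseXml) {
  return Buffer.from(responseXml, 'utf8').toString('base64');
}

// Reverse step, as the car rental service would do on receipt.
function decodeResponse(encoded) {
  return Buffer.from(encoded, 'base64').toString('utf8');
}

// Return the HTML page: a form aimed at the car rental service, the encoded
// Response in a hidden field, and JavaScript that submits it on page load.
function buildAutoPostForm(target, responseXml) {
  if (!ALLOWED_TARGETS.has(target)) {
    throw new Error(`refusing to forward Response to unregistered target: ${target}`);
  }
  const encoded = encodeResponse(responseXml);
  return [
    '<html><body onload="document.forms[0].submit()">',
    `<form method="POST" action="${escapeHtml(target)}">`,
    `<input type="hidden" name="SAMLResponse" value="${escapeHtml(encoded)}"/>`,
    '<noscript><input type="submit" value="Continue"/></noscript>',
    '</form></body></html>',
  ].join('\n');
}

// Constructed sample Response (not a real message) for a stand-alone run.
const SAMPLE_RESPONSE = '<Response ID="_r1"><Assertion Subject="John Doe"/></Response>';
console.log(buildAutoPostForm('https://www.CarRentalInc.com', SAMPLE_RESPONSE));
```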
