Cross site form post with external site on different domain

We're integrating our site with an external site using form posts. The form on our page will submit to an external site on a different domain. Is this even possible? I thought that would be an injection attack.


Yes, it should be possible. Make sure you have enough validations in place so that you don't post harmful data (and you are not held responsible). Also, I hope the other party has some server-side validation as well.


You probably want to learn more about the same-origin policy; this is the best writeup I have found: http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy


There is a type of vulnerability called Cross Site Request Forgeries or XSRF. XSRF has nothing to do with the type of data, but rather that the request originates from a different server. http://www.owasp.org/index.php/XSRF

Here is an XSRF exploit POST request that I wrote: http://www.exploit-db.com/exploits/7922/ This JavaScript is used to automatically fire off a form when the page is viewed:

<script>document.getElementById(1).submit();</script>
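
Added example, not part of the original question or answers: because the browser will send a cross-domain form POST, the receiving site has to decide which ones to honour. This sketch shows a receiver-side check that compares the request's Origin (or Referer) against an exact allowlist and verifies a session-bound token; the origins, secret, field name `csrf_token` and function names are all assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumptions for this sketch: hypothetical origins and a constructed secret.
ALLOWED_ORIGINS = {"https://shop.example", "https://partner.example"}
SECRET = b"constructed-demo-secret"


def origin_of(url):
    """Reduce a URL to scheme://host[:port]; None if it is not http(s)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    port = f":{parts.port}" if parts.port else ""
    return f"{parts.scheme}://{parts.hostname}{port}"


def issue_token(session_id):
    """Token the receiving site ties to a session and expects back in the form."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def check_post(headers, session_id, form):
    """Return (accepted, reason) for a state-changing POST."""
    source = headers.get("Origin") or headers.get("Referer")
    origin = origin_of(source) if source else None
    # Exact match on the parsed origin, so look-alike hosts are not accepted.
    if origin not in ALLOWED_ORIGINS:
        return False, "origin not allowed"
    expected = issue_token(session_id).encode()
    supplied = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(expected, supplied):  # constant-time compare
        return False, "bad or missing token"
    return True, "ok"


if __name__ == "__main__":
    # Constructed requests: one legitimate, one from an auto-submitting page.
    good = ({"Origin": "https://shop.example"}, {"csrf_token": issue_token("s1")})
    forged = ({"Origin": "https://other.example"}, {})
    for headers, form in (good, forged):
        print(headers["Origin"], check_post(headers, "s1", form))
```
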