
Re: [Full-Disclosure] Re: New Web Vulnerability - Cross-Site Tracing

From: Thor Larholm <thor(at)pivx.com>
Date: Thu Jan 23 2003 - 10:04:19 EST

> From: "H D Moore" <sflist@digitaloffense.net>
> Although it's definitely an interesting way to compromise client-side

Isn't it great then to realize that XMLHTTP, in fact, can only interact with the site which served them - exactly as you desire?

The proxy features and XSS to arbitrary foreign sites examples that are demonstrated in this 'whitepaper' are merely demonstrations of already publicly known unpatched vulnerabilities in IE. They have nothing to do with any of the findings presented.

http://jscript.dk/2003/1/sec/xst-reply.txt

Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher

Latest PivX research: Multi-vendor Game Server DDoS Vulnerability
http://www.pivx.com/press_releases/mk_mk001.html

Received on Thu Jan 23 10:30:41 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:47 EDT
