|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
RE: TRACE used to increase the dangerous of XSS.
Date: Thu Jan 23 2003 - 10:26:01 EST
So how do you propose fixing this issue?
My solution is to remove TRACE support from XMLHTTP.
Richard
-----Original Message-----
From: Thor Larholm [mailto:thor@pivx.com]
Sent: Thursday, January 23, 2003 4:33 AM
To: Richard M. Smith; bugtraq@securityfocus.com;
webappsec@securityfocus.com; vulnwatch@vulnwatch.org
Subject: RE: TRACE used to increase the dangerous of XSS.
This is not a bug in IE or XMLHTTP, and the cookie is not returned as
part
of the HTTP response headers. It is returned as part of the HTTP
response
body, which is exactly how TRACE works. Manipulating the HTTP response
body
returned is the last thing XMLHTTP would, or should, do.
IE is not the only browser that has XMLHTTP, Mozilla implemented a fullyworking copy with the exact same behavior. Neither remove any Set-Cookie HTTP headers from the response exposed to scripting.
Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher
Latest PivX research: Multi-vendor Game Server DDoS Vulnerability http://www.pivx.com/press_releases/mk_mk001.html
-----Original Message-----
From: Richard M. Smith [mailto:rms@computerbytesman.com]
Sent: 22. januar 2003 23:35
To: bugtraq@securityfocus.com; webappsec@securityfocus.com;
vulnwatch@vulnwatch.org
Subject: RE: TRACE used to increase the dangerous of XSS.
Isn't this a bug in Internet Explorer? Shouldn't the Microsoft XMLHTTP ActiveX control be removing cookies from returned HTTP headers when a HTTP TRACE is done? I know that this already happens when a GET or a POST is done with XMLHTTP.
Richard M. Smith
http://www.ComputerBytesMan.com
Received on Thu Jan 23 10:39:53 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:47 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |