Pantek Library

Hosting Provided By

CybrHost

High Speed Hosting

Re: New Web Vulnerability - Cross-Site Tracing (fwd)

From: Gary Flynn <flynngn(at)jmu.edu>
Date: Thu Jan 23 2003 - 08:12:00 EST

Jeremiah Grossman wrote:
>
> The essential pieces that

So the essential pieces that require "full exploitation as you define" are:

script on a page
a trace supporting web target

and nothing else?

I was confused by your lead-in of "essential" and the inclusion of "domain-restriction-bypass flaw" with a "not essential" disclaimer.

thanks,

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe

Received on Thu Jan 23 13:08:04 2003

This message: [ Message body ]
Next message: Kevin Spett: "Re: [VulnDiscuss] Re: TRACE used to increase the dangerous of XSS."
Previous message: Richard M. Smith: "RE: TRACE used to increase the dangerous of XSS."
In reply to Jeremiah Grossman: "Re: New Web Vulnerability - Cross-Site Tracing (fwd)"
Next in thread: Jeremiah Grossman: "Re: New Web Vulnerability - Cross-Site Tracing (fwd)"
Reply: Jeremiah Grossman: "Re: New Web Vulnerability - Cross-Site Tracing (fwd)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:47 EDT

Contact Us Legal Notices Order Services Online
Pantek Home Privacy Policy IT news Site Map Pantek Library