Yes this is bad! On 2/3/07, Michal Zalewski <[EMAIL PROTECTED]> wrote:
On Sat, 3 Feb 2007, Michal Zalewski wrote: > xmlhttp.open("GET\thttp://dione.ids.pl/\tHTTP/1.0\n\n", "x",true); Funny enough, Paul Szabo was quick to point out that Amit Klein found the same vector that I used here for client-side backdoors in May 2006 (still not patched?! *shrieks in horror*), but for cache poisoning: "IE + some popular forward proxy servers = XSS, defacement (browser cache poisoning)" http://www.securityfocus.com/archive/1/434931 This is getting depressing. May 2006. /mz _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- http://www.goldwatches.com http://www.wazoozle.com
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/