From: Jochem van Dieten [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 25, 2005 5:15 AM
To: CF-Community
Subject: Re: using AJAX to spy on users
As promised some details on the security vulnerability I recently found.
It concerned the Blackboard Content System where users could upload
files with scr
As promised some details on the security vulnerability I recently found. It
concerned the Blackboard Content System where users could upload files with
scripting and then lure other users to those pages and hijack their Blackboard
sessions and potentially steal their passwords using a specially
Does it have anything to do with DWR (think that's the name of it)?
Adam H
On 8/12/05, Jochem van Dieten <[EMAIL PROTECTED]> wrote:
> Larry C. Lyons wrote:
> > Interesting, care to let us in on the secret.
>
> Then it wouldn't be a secret anymore :)
> I intend to publish before the end of the m
There's already a "Live HTTP Headers" plug-in for Firefox (I use it
daily) - I wonder if something like a "Zone Alarm" for Firefox or
something would sniff out XMLHttpRequest() activity and pop up a quick
message if a site is trying to use it, how it's being triggered, and
giving you the option
thanks Jochem, I'm looking forward to it.
On 8/12/05, Jochem van Dieten <[EMAIL PROTECTED]> wrote:
> Larry C. Lyons wrote:
> > Interesting, care to let us in on the secret.
>
> Then it wouldn't be a secret anymore :)
> I intend to publish before the end of the month.
>
> Jochem
>
>
Larry C. Lyons wrote:
> Interesting, care to let us in on the secret.
Then it wouldn't be a secret anymore :)
I intend to publish before the end of the month.
Jochem
Interesting, care to let us in on the secret.
larry
On 8/12/05, Jochem van Dieten <[EMAIL PROTECTED]> wrote:
> Larry C. Lyons wrote:
> >
> > While the XMLHttpRequest object and AJAX can provide huge user and
> > developer benefits, there are some issues you probably haven't thought
> > about yet
Larry C. Lyons wrote:
>
> While the XMLHttpRequest object and AJAX can provide huge user and
> developer benefits, there are some issues you probably haven't thought
> about yet but it's time everyone did.
LOL
I just sent a security advisory to a certain company about how I hacked their
product
Larry C. Lyons wrote:
> With all the hype regarding AJAX, I thought the list would be
> interested in this article.
> :: Using the XMLHttpRequest Object and AJAX to Spy On You
> http://nl.internet.com/ct.html?rtr=on&s=1,1te7,1,4xj,ivwr,5c3o,5mhs
It's a good thing to keep thinking about, particular
With all the hype regarding AJAX, I thought the list would be
interested in this article.
forwarded from WebReference
:: Using the XMLHttpRequest Object and AJAX to Spy On You
While the XMLHttpRequest object and AJAX can provide huge user and
developer benefits, there are some issues you probabl