Re: [Full-disclosure] Web 2.0 backdoors made easy with MSIE & XMLHttpRequest

2007-02-05 Thread Troy Cregger
>> The 2005 text does briefly mention "Accessing content / web-scanning" >> (take a look at Notes 1-3). >> >> So the problem is much older. Well, that's Micro$loth for ya. Amit Klein wrote: > Michal Zalewski wrote: >> On Sat, 3 Feb 2007, Michal Zal

Re: [Full-disclosure] Web 2.0 backdoors made easy with MSIE & XMLHttpRequest

2007-02-04 Thread Amit Klein
Michal Zalewski wrote: > On Sat, 3 Feb 2007, Michal Zalewski wrote: > > >> xmlhttp.open("GET\thttp://dione.ids.pl/\tHTTP/1.0\n\n", "x",true); >> > > Funny enough, Paul Szabo was quick to point out that Amit Klein found the > same vector that I used here for client-side backdoors in May 2

Re: [Full-disclosure] Web 2.0 backdoors made easy with MSIE & XMLHttpRequest

2007-02-03 Thread James Matthews
Yes this is bad! On 2/3/07, Michal Zalewski <[EMAIL PROTECTED]> wrote: On Sat, 3 Feb 2007, Michal Zalewski wrote: > xmlhttp.open("GET\thttp://dione.ids.pl/\tHTTP/1.0\n\n", "x",true); Funny enough, Paul Szabo was quick to point out that Amit Klein found the same vector that I used here for

Re: [Full-disclosure] Web 2.0 backdoors made easy with MSIE & XMLHttpRequest

2007-02-03 Thread Michal Zalewski
On Sun, 4 Feb 2007, Tyop? wrote: >> This is getting depressing. May 2006. > but not really surprising, yes? No, though this bug is truly remarkable in that a quick fix, I'm quite certain, amounts to changing "!= ' '" to "> ' '" in the code. That's two characters, and no chance for a negative imp

Re: [Full-disclosure] Web 2.0 backdoors made easy with MSIE & XMLHttpRequest

2007-02-03 Thread Tyop?
On 2/3/07, Michal Zalewski <[EMAIL PROTECTED]> wrote: > On Sat, 3 Feb 2007, Michal Zalewski wrote: >> xmlhttp.open("GET\thttp://dione.ids.pl/\tHTTP/1.0\n\n", "x",true); > Funny enough, Paul Szabo was quick to point out that Amit Klein found the > same vector that I used here for client-side back

Re: [Full-disclosure] Web 2.0 backdoors made easy with MSIE & XMLHttpRequest

2007-02-03 Thread Michal Zalewski
On Sat, 3 Feb 2007, Michal Zalewski wrote: > xmlhttp.open("GET\thttp://dione.ids.pl/\tHTTP/1.0\n\n", "x",true); Funny enough, Paul Szabo was quick to point out that Amit Klein found the same vector that I used here for client-side backdoors in May 2006 (still not patched?! *shrieks in horror*)

[Full-disclosure] Web 2.0 backdoors made easy with MSIE & XMLHttpRequest

2007-02-03 Thread Michal Zalewski
As you probably know, the famous "web 2.0" XMLHttpRequest object allows client-side web scripts to send nearly arbitrary HTTP requests, and then freely analyze and manipulate the returned response, including HTTP headers. This gives an unprecedented level of control over your browser to the author