Re: [Full-disclosure] file upload widgets in IE and Firefox have issues

2006-06-12 Thread Charles McAuley
Danny wrote:
> Hi,
>
> I read your article, but since I am not at all at home when scripting
> comes up, I still am wondering what this issue is exactly.
>
My web-foo is not that strong either. Bart van Arnhem made a much better example in IE than I

[Full-disclosure] file upload widgets in IE and Firefox have issues

2006-06-10 Thread Danny
Hi, I read your article, but since I am not at all at home when scripting comes up, I still am wondering what this issue is exactly. Could you give me an example as to clarify things for a non-English speaking fella? Also, what is this “file input box”? Are these the boxes in forms whe

Re: [Full-disclosure] file upload widgets in IE and Firefox have issues

2006-06-08 Thread Bart van Arnhem
Here is another proof of concept for IE only, it allows the characters to be entered in an arbitrary order, since it repositions the caret to make the characters drop in the right place. Just open this HTML in IE and bash on the keyboard a bit. - Bart var targetFile = "c

Re: [Full-disclosure] file upload widgets in IE and Firefox have issues

2006-06-07 Thread Brian Eaton
On 6/7/06, Michel Lemay <[EMAIL PROTECTED]> wrote: Would it be possible to use a similar technique to generate a URL with query parameters containing user keystrokes? This URL could then be submitted to any compromised website. The attacker could then look into logs and have a peek at these s

[Full-disclosure] file upload widgets in IE and Firefox have issues

2006-06-07 Thread Michel Lemay
Would it be possible to use a similar technique to generate a URL with query parameters containing user keystrokes? This URL could then be submitted to any compromised website. The attacker could then look into logs and have a peek at these submitted requests.

[Full-disclosure] file upload widgets in IE and Firefox have issues

2006-06-05 Thread Charles McAuley
Hey all, aside from the new file upload vulnerability in Firefox 1.5.0.3 and below, I discovered two others a year ago (one in IE, the other in Firefox) in the same component. I'm a little obsessed with the file input widget. Since then I've manage