Bugtraq mailing list archives
RE: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein
From: "Sergey V. Gordeychik" <gordey () itsecurity ru>
Date: Fri, 30 Sep 2005 10:00:55 +0400
Hi list. I checked some ideas and think that reflected XSS in user-agent and other http request headers fileds (cookies for example) can be exploited via http request smuggling\splitting cache poisoning attacks using described techniques. So vendors who discard such vulnerabilities as not explotable should take it into account. Regards, Sergey V. Gordeychik, MCSE, MCT, CISSP
Current thread:
- "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein Amit Klein (AKsecurity) (Sep 24)
- Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein Yutaka OIWA (Sep 27)
- Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein Amit Klein (AKsecurity) (Sep 28)
- <Possible follow-ups>
- Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein anonymous (Sep 27)
- RE: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein Sergey V. Gordeychik (Sep 30)
- Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein Yutaka OIWA (Sep 27)