Full Disclosure mailing list archives
Re: Cross Domain XMLHttpRequest
From: "Michal Majchrowicz" <m.majchrowicz () gmail com>
Date: Sun, 15 Apr 2007 23:00:42 +0200
Hi, Thanks for suggestion. Please try it now :) But as I said before this script WASN'T INTENDED to be safe at all :) I wanted to show that it is posssible to perform some kind of Cross Domain Requests. Thats all :) Regards Michal. On 4/15/07, Stefan Esser <sesser () hardened-php net> wrote:
Hello,Thanks for showing this vulnerability :) In fact it was not supposed to be safe, but now it shoud be :) You are right this is not aadding if(strstr($_GET['url'],"file:")) die; is not safe at all... Regard, Stefan
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Cross Domain XMLHttpRequest Michal Majchrowicz (Apr 15)
- Re: Cross Domain XMLHttpRequest ascii (Apr 15)
- Re: Cross Domain XMLHttpRequest Michal Majchrowicz (Apr 15)
- Re: Cross Domain XMLHttpRequest Stefan Esser (Apr 15)
- Re: Cross Domain XMLHttpRequest Michal Majchrowicz (Apr 15)
- Re: Cross Domain XMLHttpRequest Michal Zalewski (Apr 15)
- Re: Cross Domain XMLHttpRequest Michal Majchrowicz (Apr 15)
- Re: Cross Domain XMLHttpRequest Michal Majchrowicz (Apr 15)
- Re: Cross Domain XMLHttpRequest ascii (Apr 15)