Full Disclosure mailing list archives

Re: Apple IOS security issue pre-advisory record

From: IA64 LOL <ia64lol () gmail com>
Date: Sat, 24 Mar 2012 13:21:12 -0700

everything is obvious after its pointed out.

On 03/24/12 11:23, Dave wrote:

On 24/03/2012 15:53, Valdis.Kletnieks () vt edu wrote:

On Sat, 24 Mar 2012 10:26:48 -0000, Dave said:

Doesn't the the -e, robots=off, --page-requisites and -H wget directives enable
one to collect all the necessary files that are called from a page?

No, not *all* the files, for the same reason that if you visit a page with
NoScript enabled, you may end up with missing content and/or big open spaces on
the page.

Consider a page that has Javascript on it:

todaysfile = "http://www.news-site.com/"; + date_as_string;
document.load(todaysfile);

Unless you interpret the javascript, you don't know what URL will get loaded,
because yesterday and tomorrow will get a different URL.  So basically,
if you try to pull it down with wget or similar, you will miss *all* the stuff
that's pulled down via Javascript (and probably via css as well - does wget
know how to follow CSS references?).  On many modern web designs,
this ends up being the vast majority of the content.


Thanks Valdis,

Some things are pretty obvious when pointed out.

Dave

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Apple IOS security issue pre-advisory record, (continued)
- - - Re: Apple IOS security issue pre-advisory record Dave (Mar 23)
    - Re: Apple IOS security issue pre-advisory record Valdis . Kletnieks (Mar 23)
    - Re: Apple IOS security issue pre-advisory record Dave (Mar 23)
    - Re: Apple IOS security issue pre-advisory record Michal Zalewski (Mar 23)
    - Re: Apple IOS security issue pre-advisory record Dave (Mar 23)
    - Re: Apple IOS security issue pre-advisory record rackow (Mar 23)
    - Re: Apple IOS security issue pre-advisory record Valdis . Kletnieks (Mar 23)
    - Re: Apple IOS security issue pre-advisory record Dave (Mar 24)
    - Re: Apple IOS security issue pre-advisory record Valdis . Kletnieks (Mar 24)
    - Re: Apple IOS security issue pre-advisory record Dave (Mar 24)
    - Re: Apple IOS security issue pre-advisory record IA64 LOL (Mar 26)
    - Re: Apple IOS security issue pre-advisory record Valdis . Kletnieks (Mar 26)
    - Re: Apple IOS security issue pre-advisory record Charlie Derr (Mar 26)
    - Re: Apple IOS security issue pre-advisory record coderman (Mar 26)
    - Re: Apple IOS security issue pre-advisory record john doe (Mar 24)
    - Re: Apple IOS security issue pre-advisory record fulldisclosure (Mar 26)
    - Re: Apple IOS security issue pre-advisory record Thor (Hammer of God) (Mar 26)
    - Re: Apple IOS security issue pre-advisory record Aaron Toponce (Mar 26)