WebApp Sec mailing list archives
Re: New Web Vulnerability - Cross-Site Tracing (fwd)
From: Gary Flynn <flynngn () jmu edu>
Date: Thu, 23 Jan 2003 08:12:00 -0500
Jeremiah Grossman wrote: >
The essential pieces that are require for full exploitation as I define is... script on a page, domain-restriction-bypass flaw (not essential), and a trace supporting target.
So the essential pieces that require "full exploitation as you define" are: 1. script on a page 2. a trace supporting web target and nothing else? I was confused by your lead-in of "essential" and the inclusion of "domain-restriction-bypass flaw" with a "not essential" disclaimer. thanks, -- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/runsafe
Current thread:
- Re: New Web Vulnerability - Cross-Site Tracing (fwd) Marc Slemko (Jan 22)
- Re: New Web Vulnerability - Cross-Site Tracing (fwd) Jeremiah Grossman (Jan 22)
- Re: New Web Vulnerability - Cross-Site Tracing (fwd) Gary Flynn (Jan 23)
- Re: New Web Vulnerability - Cross-Site Tracing (fwd) Jeremiah Grossman (Jan 22)