Bugtraq mailing list archives
De-anonymizer
From: Berend-Jan Wever <skylined () edup tudelft nl>
Date: 23 Apr 2002 10:26:12 -0000
I have "hacked" my way out of anonymizer with Cross-site scripting: http://anon.free.anonymizer.com/http://spoor12.edup.tudelft. nl/SkyLined/docs/de_anonymizer.labs.html It uses a <SCRIPT> tag without a closing </SCRIPT> tag to fool anonymizer into allowing an onError event to pass filters. This allows me to execute javascript with obvious security breaches. Anonymizer was informed of the situation. Kind regards, Berend-Jan Wever http://spoor12.edup.tudelft.nl
Current thread:
- De-anonymizer Berend-Jan Wever (Apr 24)