Full Disclosure mailing list archives
Traversing the Web (the javascript way)
From: "pdp (architect)" <pdp.gnucitizen () googlemail com>
Date: Tue, 10 Oct 2006 14:59:55 +0800
http://www.gnucitizen.org/blog/traversing-the-web/

The paper that explains the nature of the JavaScript SPIDER can be found at the location above. In this article I take the concept of request proxies further by showing how attackers can use them to write JavaScript code that can bypass the same origin restriction.

You might be a bit confused about the point of this exercise. I agree that there are quite a lot of tutorials and frameworks that go into depth on this subject; however, the implementation here is a bit different. This technique, together with the Google AJAX Search API, can be used by JavaScript-based worms to propagate outside of the current domain.

If you have any ideas of how to improve this technique or how to prevent it from happening, don't hesitate to leave a comment.

--
pdp (architect)
http://www.gnucitizen.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/