Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Traversing the Web (the javascript way)

From: "pdp (architect)" <pdp.gnucitizen () googlemail com>
Date: Tue, 10 Oct 2006 14:59:55 +0800
http://www.gnucitizen.org/blog/traversing-the-web/

The paper that explains the nature of the JavaScript SPIDER can be
found at the location above. In this article I am take the concept of
request proxies further by showing how attackers can use them to write
JavaScript code that can bypass the same origin restriction. You might
be a bit confused with the point of this exercise. I agree that there
are quite a lot of tutorials and frameworks that go into depth of this
subject, however I am the implementation here is a bit different.

This technique together with Google AJAX Search API can be used by
JavaScript based worms to propagate outside of the current domain.

If you have any ideas of how to improve this technique or how to
prevent it from happening, don't hesitate to leave a comment.

-- 
pdp (architect)
http://www.gnucitizen.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: