Re: Cross Domain XMLHttpRequest

[Stefan Esser <sesser () hardened-php net>]

Hello,

> Thanks for showing this vulnerability :) In fact it was not supposed
> to be safe, but now it shoud be :) You are right this is not a


adding
        if(strstr($_GET['url'],"file:"))
                die;
is not safe at all...

Regard,
Stefan

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/