Full Disclosure mailing list archives
Re: Cross Domain XMLHttpRequest
From: Stefan Esser <sesser () hardened-php net>
Date: Sun, 15 Apr 2007 22:47:00 +0200
Hello,
Thanks for showing this vulnerability :) In fact it was not supposed to be safe, but now it shoud be :) You are right this is not a
adding if(strstr($_GET['url'],"file:")) die; is not safe at all... Regard, Stefan _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Cross Domain XMLHttpRequest Michal Majchrowicz (Apr 15)
- Re: Cross Domain XMLHttpRequest ascii (Apr 15)
- Re: Cross Domain XMLHttpRequest Michal Majchrowicz (Apr 15)
- Re: Cross Domain XMLHttpRequest Stefan Esser (Apr 15)
- Re: Cross Domain XMLHttpRequest Michal Majchrowicz (Apr 15)
- Re: Cross Domain XMLHttpRequest Michal Zalewski (Apr 15)
- Re: Cross Domain XMLHttpRequest Michal Majchrowicz (Apr 15)
- Re: Cross Domain XMLHttpRequest Michal Majchrowicz (Apr 15)
- Re: Cross Domain XMLHttpRequest ascii (Apr 15)