Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Cross Domain XMLHttpRequest

From: "Michal Majchrowicz" <m.majchrowicz () gmail com>
Date: Sun, 15 Apr 2007 23:00:42 +0200
Hi,
Thanks for suggestion. Please try it now :)
But as I said before this script WASN'T INTENDED to be safe at all :)
I wanted to show that it is posssible to perform some kind of Cross
Domain Requests. Thats all :)
Regards Michal.

On 4/15/07, Stefan Esser <sesser () hardened-php net> wrote:

Hello,


Thanks for showing this vulnerability :) In fact it was not supposed
to be safe, but now it shoud be :) You are right this is not a



adding
        if(strstr($_GET['url'],"file:"))
                die;
is not safe at all...

Regard,
Stefan




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: