Nmap Development mailing list archives
Re: http-cors, new NSE script for detecting cross-origin http access
From: David Fifield <david () bamsoftware com>
Date: Mon, 3 Oct 2011 23:28:43 -0700
On Sat, Jun 18, 2011 at 06:44:35PM +0300, Toni Ruottu wrote:
To clarify a bit, you would not want your intranet services to be cross-origin accessible, as any one of your users websites could in that case access them. For example you do not want to provide an interfaces that lets evilhaxor.net modify your firewall settings. In most cases it is perfectly ok for world readable/writable interfaces to be cross-origin accessible.
This script is a nice idea. It's like http-methods for cross-origin requests. I've committed it. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: http-cors, new NSE script for detecting cross-origin http access David Fifield (Oct 03)