Vulnerability Development mailing list archives
Re: cross site exploits
From: Michal Zalewski <lcamtuf () DIONE IDS PL>
Date: Sun, 17 Dec 2000 16:33:56 +0100
On Sun, 17 Dec 2000, Lincoln Yeoh wrote:
HTTP-Referer can help, but less so if the attacks can be placed on your site.
Can be in most cases. Any verbose error messages coming from scripts ("unable to parse query <blahblah>"), verbose "not found" pages ("cannot access <blahblah>") and so on - everywhere attacker might insert external html code to launch frame or so with "good looking" http-referer. -- _______________________________________________________ Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security] [http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};: =--=> Did you know that clones never use mirrors? <=--=
Current thread:
- cross site exploits vijay verma (Dec 13)
- Re: cross site exploits J Edgar Hoover (Dec 15)
- Re: cross site exploits Bluefish (P.Magnusson) (Dec 17)
- Message not available
- Re: cross site exploits Lincoln Yeoh (Dec 18)
- Re: cross site exploits Michal Zalewski (Dec 18)
- Re: cross site exploits Lincoln Yeoh (Dec 18)