Re: recent 'cross site scripting' CERT advisory
From: mikael.olsson () ENTERNET SE (Mikael Olsson)
Date: Wed, 9 Feb 2000 08:29:11 +0100
Taneli Huuskonen wrote:
> Now, if trusted.com's
> webserver refused to serve anything else but the index page unless the
> Referer: field contained a trusted.com URL, this attack would be foiled.
> Now, is there a way to trick a browser into lying about the referrer?
it is possible for DHTML to lie about the referer.
(I believe this was originally a post here on Bugtraq, but I might
be wrong; could be some other mailing list I'm on too..)
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 105 50 Fax: +46 (0)660 122 50
Mobile: +46 (0)70 248 00 33
WWW: http://www.enternet.se E-mail: mikael.olsson () enternet se
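
The Referer gate proposed in the quoted text, as an added example that is not part of the original message: it compares a substring test with a check on the parsed host. The entry paths, the sample requests and the decision to accept subdomains are assumptions; because the client supplies the header, as the reply points out, this filters requests and does not authenticate them.

```python
from urllib.parse import urlsplit

TRUSTED_HOST = "trusted.com"          # host name from the quoted proposal
INDEX_PATHS = {"/", "/index.html"}    # assumed entry pages served without a Referer


def referer_host(referer):
    """Return the lower-cased host of a Referer value, or None if unusable."""
    if not referer:
        return None
    try:
        parts = urlsplit(referer.strip())
    except ValueError:                # malformed value, e.g. broken IPv6 brackets
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.rstrip(".").lower()


def naive_allow(path, referer):
    """Substring reading of 'contained a trusted.com URL' (too loose)."""
    return path in INDEX_PATHS or TRUSTED_HOST in (referer or "")


def strict_allow(path, referer):
    """Serve deep pages only when the Referer host is the site itself.

    Accepting subdomains is an assumption; drop the endswith() clause
    if subdomains are not equally trusted.
    """
    if path in INDEX_PATHS:
        return True
    host = referer_host(referer)
    return host is not None and (
        host == TRUSTED_HOST or host.endswith("." + TRUSTED_HOST)
    )


# Constructed sample requests: (path, Referer header value or None)
SAMPLES = [
    ("/", None),
    ("/cgi-bin/search?q=x", "http://trusted.com/index.html"),
    ("/cgi-bin/search?q=x", None),
    ("/cgi-bin/search?q=x", "http://other.example/page?u=trusted.com"),
    ("/cgi-bin/search?q=x", "http://trusted.com.other.example/"),
]

if __name__ == "__main__":
    for path, ref in SAMPLES:
        print(path, ref, "naive:", naive_allow(path, ref), "strict:", strict_allow(path, ref))
```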