Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

De-anonymizer
From: Berend-Jan Wever <skylined () edup tudelft nl>
Date: 23 Apr 2002 10:26:12 -0000


I have "hacked" my way out of anonymizer with Cross-site 
scripting:
http://anon.free.anonymizer.com/http://spoor12.edup.tudelft.
nl/SkyLined/docs/de_anonymizer.labs.html

It uses a &lt;SCRIPT&gt; tag without a closing &lt;/SCRIPT&gt; tag to 
fool anonymizer into allowing an onError event to pass 
filters. This allows me to execute javascript with obvious 
security breaches.


Anonymizer was informed of the situation.

Kind regards,

Berend-Jan Wever
http://spoor12.edup.tudelft.nl

  By Date           By Thread  

Current thread:
  • De-anonymizer Berend-Jan Wever (Apr 24)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]