Bugtraq: Re: "Exploiting the XmlHttpRequest object in IE"

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein

From: anonymous () anonymous com
Date: 27 Sep 2005 03:19:23 -0000

Another way to spoof a Referer header using XMLHTTP is to do something like this:
xmlhttp.SetRequestHeader("Referer:", "http://some.referer.com";);

Note that the ':' after the Referer does the trick here.  If this is not present IE ignores this header.
Thanks!

By Date By Thread

Current thread:

"Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein Amit Klein (AKsecurity) (Sep 24)
- Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein Yutaka OIWA (Sep 27)
  - Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein Amit Klein (AKsecurity) (Sep 28)
- <Possible follow-ups>
- Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein anonymous (Sep 27)
- RE: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein Sergey V. Gordeychik (Sep 30)