Full Disclosure mailing list archives

Misunderstanding Javascript injection: A paper on web application abuse via Javascript injection
From: Tim Brown <netsys () machine org uk>
Date: Sat, 28 Jan 2006 12:52:46 +0000

Hi,

I've just released a paper (to be found at
http://www.nth-dimension.org.uk/news/entry.php?e=156579087) which covers two
issues with Javascript injection that I've recently been playing with: that
of Javascript injection via CSS manipulation and, furthermore, the use of AJAX
within injection points.  I realise that perhaps neither is massively new
(certainly the MySpace worm touches on the AJAX issues discussed) but I found
it interesting and hope others may do too.

Tim
-- 
Tim Brown
<mailto:tmb () 65535 com>

-- 
Tim Brown
<mailto:netsys () machine org uk>
<http://www.machine.org.uk/>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

