Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Traversing the Web (the javascript way)
From: "pdp (architect)" <pdp.gnucitizen () googlemail com>
Date: Tue, 10 Oct 2006 14:59:55 +0800


The paper that explains the nature of the JavaScript SPIDER can be
found at the location above. In this article I am take the concept of
request proxies further by showing how attackers can use them to write
JavaScript code that can bypass the same origin restriction. You might
be a bit confused with the point of this exercise. I agree that there
are quite a lot of tutorials and frameworks that go into depth of this
subject, however I am the implementation here is a bit different.

This technique together with Google AJAX Search API can be used by
JavaScript based worms to propagate outside of the current domain.

If you have any ideas of how to improve this technique or how to
prevent it from happening, don't hesitate to leave a comment.

pdp (architect)

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • Traversing the Web (the javascript way) pdp (architect) (Oct 10)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]