mailing list archives
Re: http-cors, new NSE script for detecting cross-origin http access
From: David Fifield <david () bamsoftware com>
Date: Mon, 3 Oct 2011 23:28:43 -0700
On Sat, Jun 18, 2011 at 06:44:35PM +0300, Toni Ruottu wrote:
To clarify a bit, you would not want your intranet services to be
cross-origin accessible, as any one of your users websites could in
that case access them. For example you do not want to provide an
interfaces that lets evilhaxor.net modify your firewall settings. In
most cases it is perfectly ok for world readable/writable interfaces
to be cross-origin accessible.
This script is a nice idea. It's like http-methods for cross-origin
requests. I've committed it.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
- Re: http-cors, new NSE script for detecting cross-origin http access David Fifield (Oct 04)