Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnwatch mailing list archives

Cross Domain XMLHttpRequest
From: "Michal Majchrowicz" <m.majchrowicz () gmail com>
Date: Sun, 15 Apr 2007 21:14:43 +0200
Due to "security reasons" many Web Browsers doesn't allow cross
domain XMLHttpRequests. In fact this is only troublesome for web
developers and not for virus coders/crackers/etc. Some time ago there
was presetened a technic which used cssText property to perform some
cross domain requests. After some research I was able to create an
object that has some part of original XMLHttpRequests functionality
and allows Cross Domain requests. In conclusion Web Browers
Developpers should allow some limited cross domain XMLHttpRequests. My
implementation (MyXMLHttpRequest) uses script tag but it is possible
to use different ones (for instance style). It was tested on all
modern web browsers.
PoC: http://sectroyer.110mb.com/
It uses both XMLHttpRequest and MyXMLHttpRequests.
Michal Majchrowicz.

  By Date           By Thread  

Current thread:
  • Cross Domain XMLHttpRequest Michal Majchrowicz (Apr 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]