Full Disclosure mailing list archives
Re: Cross Domain XMLHttpRequest
From: Stefan Esser <sesser () hardened-php net>
Date: Sun, 15 Apr 2007 22:47:00 +0200
Hello,
Thanks for showing this vulnerability :) In fact it was not supposed to be safe, but now it shoud be :) You are right this is not a
adding
if(strstr($_GET['url'],"file:"))
die;
is not safe at all...
Regard,
Stefan
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Cross Domain XMLHttpRequest Michal Majchrowicz (Apr 15)
- Re: Cross Domain XMLHttpRequest ascii (Apr 15)
- Re: Cross Domain XMLHttpRequest Michal Majchrowicz (Apr 15)
- Re: Cross Domain XMLHttpRequest Stefan Esser (Apr 15)
- Re: Cross Domain XMLHttpRequest Michal Majchrowicz (Apr 15)
- Re: Cross Domain XMLHttpRequest Michal Zalewski (Apr 15)
- Re: Cross Domain XMLHttpRequest Michal Majchrowicz (Apr 15)
- Re: Cross Domain XMLHttpRequest Michal Majchrowicz (Apr 15)
- Re: Cross Domain XMLHttpRequest ascii (Apr 15)
