From: Jeremiah Grossman (jeremiah whitehatsec.com)
Date: Tue Oct 23 2001 - 13:27:59 CDT
In Netscape:
view-source://URL
or in this case...
view-source://http://www.snowwinter.f2s.com/evil.html
Little trick some people are amused by.
Tony Welsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> CERT's explanation of Cross-Site woes...
>
> http://www.cert.org/advisories/CA-2000-02.html
>
> or if you want to see an auto-submitter using jscript in action go here (I
> wrote it as a proof of the concept to show someone who did not believe it
> was possible) and it works scarily well (aside from the 405 error when it
> tries to post to a static page) with no extra warnings etc.
>
> http://www.snowwinter.f2s.com/evil.html