lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu Dec 22 08:15:49 2005 From: gaurav at securebox.org (Gaurav Kumar) Subject: [WEB SECURITY] RE: new attack technique? using JavaScript+XML+OWSPost Data > > Not Exactly !! I wud rather suggest you to do a little more research and > draw any conclusion. Keep those _Security Zones_ in mind before you post > anything... > > I did the research on Windows XP SP2 The script with ActiceX and XML was uploaded to http://www.geocities.com/gaurav_e2/exp.html The screenshot at the following URL shows the note.xml placed at C:\ while the ethereal is showing POSTing the data to attacker's site. http://rapidshare.de/files/9619254/gaurav_kumar.JPG.html Clearly geocities.com is in Internet zone.