Web Application Security
whitepaper: Identifier based XSSI attacks Apr 20 2015 05:08AM
Takeshi Terada (mbsdtest01 gmail com)
Hello list members,

We released a new technical whitepaper titled:
"Identifier based XSSI attacks"

URL:
http://www.mbsd.jp/Whitepaper/xssi.pdf

Summary:
Some new attack techniques and browser vulnerabilities regarding XSSI
(Cross-Site Script Inclusion) are explained. In the attacks, a method
of treating data as a client side script's identifier was employed to
steal the cross-origin data such as CSV, JSON and so on.

Relevant CVE numbers:
CVE-2014-6345, CVE-2014-7939

Other white papers released last year are available here:
http://www.mbsd.jp/insight.html

- Attacking Android browsers via intent scheme URLs
http://www.mbsd.jp/Whitepaper/IntentScheme.pdf

- FilterExpression Injection attacks against ASP.NET applications
http://www.mbsd.jp/Whitepaper/FilterExpression.pdf

--
Takeshi Terada @ Mitsui Bussan Secure Directions, Inc.

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus