Web Application Security
Re: IE11 is not following CORS specification for local files Oct 07 2016 08:09PM
Ricardo Iramar dos Santos (riramar gmail com)
Same attack using XSS as vector.
Imagine that https://xss-doc.appspot.com is a site about gift cards.
The XSS payload below will create a giftcard.htm file in the default
download folder.
If the victim opens the file, a GET to
https://mail.google.com/mail/u/0/#inbox will be submitted.
After the GET th...

Copyright 2010, SecurityFocus