Web Application Security
whitepaper: Identifier based XSSI attacks Apr 20 2015 05:08AM
Takeshi Terada (mbsdtest01 gmail com)
Hello list members,

We released a new technical whitepaper titled:
"Identifier based XSSI attacks"


Some new attack techniques and browser vulnerabilities regarding XSSI
(Cross-Site Script Inclusion) are explained. In the attacks, a method
of treating data as a client side script's identifier was employed to
steal the cross-origin data such as CSV, JSON and so on.

Relevant CVE numbers:
CVE-2014-6345, CVE-2014-7939

Other white papers released last year are available here:

- Attacking Android browsers via intent scheme URLs

- FilterExpression Injection attacks against ASP.NET applications

Takeshi Terada @ Mitsui Bussan Secure Directions, Inc.

This list is sponsored by Cenzic
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus