BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein Sep 27 2005 12:34PM
Yutaka OIWA (y oiwa aist go jp)
Hello Amit,

"Amit Klein (AKsecurity)" <aksecurity (at) hotpop (dot) com [email concealed]> writes:

> x.open("GET\thttp://www.target.site/page.cgi?parameters\tHTTP
> /1.0\r\nHost:\twww.target.site\r\nReferer:\thttp://www.target
> .site/somepath?somequery\r\n\r\nGET\thttp://nosuchhost/\tHTTP
> /1.0\r\nFoobar:","http://w...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus