Full Disclosure mailing list archives
Re: [WEB SECURITY] RE: new attack technique? using JavaScript+XML+OWSPost Data
From: Gaurav Kumar <gaurav () securebox org>
Date: Thu, 22 Dec 2005 13:45:41 +0530
Not Exactly !! I wud rather suggest you to do a little more research and draw any conclusion. Keep those _Security Zones_ in mind before you post anything...
I did the research on Windows XP SP2 The script with ActiceX and XML was uploaded to http://www.geocities.com/gaurav_e2/exp.html The screenshot at the following URL shows the note.xml placed at C:\ while the ethereal is showing POSTing the data to attacker's site. http://rapidshare.de/files/9619254/gaurav_kumar.JPG.html Clearly geocities.com is in Internet zone. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RE: new attack technique? usingJavaScript+XML+OWSPost Data, (continued)
- RE: new attack technique? usingJavaScript+XML+OWSPost Data Debasis Mohanty (Dec 22)
- RE: new attack technique? usingJavaScript+XML+OWSPost Data Debasis Mohanty (Dec 22)
- RE: new attack technique? using JavaScript+XML+OWSPost Data Debasis Mohanty (Dec 22)
- Re: new attack technique? using JavaScript+XML+OWSPost Data Test Drive (Dec 22)
- Broadcast storm in my network/ any ideas wilder_jeff Wilder (Dec 22)
- Re: Broadcast storm in my network/ any ideas 3APA3A (Dec 22)
- Re: Broadcast storm in my network/ any ideas TheGesus (Dec 22)
- Re: Broadcast storm in my network/ any ideas J.A. Terranson (Dec 22)
- Re: new attack technique? usingJavaScript+XML+OWSPost Data Morning Wood (Dec 22)
- Re: new attack technique? usingJavaScript+XML+OWSPost Data Abhisek Datta (Dec 22)
- Re: [WEB SECURITY] RE: new attack technique? using JavaScript+XML+OWSPost Data Gaurav Kumar (Dec 22)