WebApp Sec mailing list archives
RE: [WEB SECURITY] Importing large code piece into Javascript context without SCRIPT SRC=...
From: "dpw" <dainw () fsr com>
Date: Fri, 14 Oct 2005 11:32:10 -0700
Now just combine this with a snazzy XSS virus, so I can have another good reason to turn this monitor off and go read a book:) Very impressive, Amit... ~Dain White -----Original Message----- From: Jeremiah Grossman [mailto:jeremiah () whitehatsec com] Sent: Friday, October 14, 2005 11:15 AM To: Amit Klein (AKsecurity) Cc: websecurity () webappsec org; webappsec () securityfocus com Subject: Re: [WEB SECURITY] Importing large code piece into Javascript context without SCRIPT SRC=... On Oct 14, 2005, at 11:05 AM, Amit Klein (AKsecurity) wrote:
On 14 Oct 2005 at 10:56, Jeremiah Grossman wrote:Admittedly, I was a bit confused by what your trying to achieve with code. So sticking the question at hand... "Importing large code piece into Javascript context without SCRIPT SRC" ... I take to do not use the HTML syntax... <script src="http://foo/ file.js"></script> Here's an idea.. 1) DOM Programming var js = document.createElement('script'); js.setAttribute('src', 'http://foo/file.js'); document.body.appendChild(js); * same effect, but different style.Not fair ;-) This will not be allowed (I supposed) by Content-Restrictions that specify no external code (see the link in my original writeup). I think (hope...) that the Content-Restrictions would apply to any JS executed, and to dynamically created HTMLs (such as the above). And there's also a Content-Restriction against creating/modifying HTML nodes. But yes, I suppose I should have clarified this. So thanks!
Oh ok, I see what you've done here now. This is quite clever. You're basically using the IFRAME URL as a source for receiving JS code, which you evaluate later when it becomes available. Nice. In my Phishing w/ Superbait talk, I used a similar technique in reverse to pass large amounts of data off-domain. 2K blocks at a time. Regards, Jeremiah- --------------------------------------------------------------------- The Web Security Mailing List http://www.webappsec.org/lists/websecurity/ The Web Security Mailing List Archives http://www.webappsec.org/lists/websecurity/archive/
Current thread:
- Re: [WEB SECURITY] Importing large code piece into Javascript context without SCRIPT SRC=... Jeremiah Grossman (Oct 14)
- Re: [WEB SECURITY] Importing large code piece into Javascript context without SCRIPT SRC=... Amit Klein (AKsecurity) (Oct 14)
- Re: [WEB SECURITY] Importing large code piece into Javascript context without SCRIPT SRC=... Jeremiah Grossman (Oct 14)
- RE: [WEB SECURITY] Importing large code piece into Javascript context without SCRIPT SRC=... dpw (Oct 14)
- Re: [WEB SECURITY] Importing large code piece into Javascript context without SCRIPT SRC=... Amit Klein (AKsecurity) (Oct 14)
- Re: [WEB SECURITY] Importing large code piece into Javascript context without SCRIPT SRC=... Jeremiah Grossman (Oct 14)
- Re: [WEB SECURITY] Importing large code piece into Javascript context without SCRIPT SRC=... Amit Klein (AKsecurity) (Oct 14)