WebApp Sec mailing list archives
whitepaper: Identifier based XSSI attacks
From: Takeshi Terada <mbsdtest01 () gmail com>
Date: Mon, 20 Apr 2015 14:08:47 +0900
Hello list members, We released a new technical whitepaper titled: "Identifier based XSSI attacks" URL: http://www.mbsd.jp/Whitepaper/xssi.pdf Summary: Some new attack techniques and browser vulnerabilities regarding XSSI (Cross-Site Script Inclusion) are explained. In the attacks, a method of treating data as a client side script's identifier was employed to steal the cross-origin data such as CSV, JSON and so on. Relevant CVE numbers: CVE-2014-6345, CVE-2014-7939 Other white papers released last year are available here: http://www.mbsd.jp/insight.html - Attacking Android browsers via intent scheme URLs http://www.mbsd.jp/Whitepaper/IntentScheme.pdf - FilterExpression Injection attacks against ASP.NET applications http://www.mbsd.jp/Whitepaper/FilterExpression.pdf -- Takeshi Terada @ Mitsui Bussan Secure Directions, Inc. This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- whitepaper: Identifier based XSSI attacks Takeshi Terada (Apr 20)