WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

whitepaper: Identifier based XSSI attacks

From: Takeshi Terada <mbsdtest01 () gmail com>
Date: Mon, 20 Apr 2015 14:08:47 +0900
Hello list members,

We released a new technical whitepaper titled:
"Identifier based XSSI attacks"

URL:
http://www.mbsd.jp/Whitepaper/xssi.pdf

Summary:
Some new attack techniques and browser vulnerabilities regarding XSSI
(Cross-Site Script Inclusion) are explained. In the attacks, a method
of treating data as a client side script's identifier was employed to
steal the cross-origin data such as CSV, JSON and so on.

Relevant CVE numbers:
CVE-2014-6345, CVE-2014-7939

Other white papers released last year are available here:
http://www.mbsd.jp/insight.html

- Attacking Android browsers via intent scheme URLs
  http://www.mbsd.jp/Whitepaper/IntentScheme.pdf

- FilterExpression Injection attacks against ASP.NET applications
  http://www.mbsd.jp/Whitepaper/FilterExpression.pdf

--
Takeshi Terada @ Mitsui Bussan Secure Directions, Inc.



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: