[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Misunderstanding Javascript injection: A paper on web application abuse via Javascript injection

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Misunderstanding Javascript injection: A paper on web application abuse via Javascript injection
From: Tim Brown <netsys@xxxxxxxxxxxxxx>
Date: Sat, 28 Jan 2006 12:52:46 +0000

Hi,

I've just released a paper (to be found at 
http://www.nth-dimension.org.uk/news/entry.php?e=156579087) which covers two 
issues with Javascript injection that I've recently been playing with.  That 
of Javascript injection via CSS manipulation and further more the use of AJAX 
within injection points.  I realise that perhaps neither are massively new 
(certainly the MySpace worm touches on the AJAX issues discussed) but I found 
it interesting and hope others may do too.

Tim
-- 
Tim Brown
<mailto:tmb@xxxxxxxxx>

-- 
Tim Brown
<mailto:netsys@xxxxxxxxxxxxxx>
<http://www.machine.org.uk/>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] about uncovering skype
Next by Date: [Full-disclosure] Can Someone Tell Me What This Is?
Previous by thread: [Full-disclosure] about uncovering skype
Next by thread: [Full-disclosure] Can Someone Tell Me What This Is?
Index(es):
- Date
- Thread