[prev in list] [next in list] [prev in thread] [next in thread]
List: vuln-dev
Subject: Re: cross site exploits
From: Michal Zalewski <lcamtuf () DIONE ! IDS ! PL>
Date: 2000-12-17 15:33:56
[Download RAW message or body]
On Sun, 17 Dec 2000, Lincoln Yeoh wrote:
> HTTP-Referer can help, but less so if the attacks can be placed on
> your site.
Can be in most cases. Any verbose error messages coming from scripts
("unable to parse query <blahblah>"), verbose "not found" pages ("cannot
access <blahblah>") and so on - everywhere attacker might insert external
html code to launch frame or so with "good looking" http-referer.
--
_______________________________________________________
Michal Zalewski [lcamtuf@tpi.pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=--=> Did you know that clones never use mirrors? <=--=
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic