[prev in list] [next in list] [prev in thread] [next in thread]
List: webappsec
Subject: whitepaper: Identifier based XSSI attacks
From: Takeshi Terada <mbsdtest01 () gmail ! com>
Date: 2015-04-20 5:08:47
Message-ID: CAJ5ndow-8MgJudTHAnazyoiC=X57Sj7-yuaAjo+98Xf-EJ6pbA () mail ! gmail ! com
[Download RAW message or body]
Hello list members,
We released a new technical whitepaper titled:
"Identifier based XSSI attacks"
URL:
http://www.mbsd.jp/Whitepaper/xssi.pdf
Summary:
Some new attack techniques and browser vulnerabilities regarding XSSI
(Cross-Site Script Inclusion) are explained. In the attacks, a method
of treating data as a client side script's identifier was employed to
steal the cross-origin data such as CSV, JSON and so on.
Relevant CVE numbers:
CVE-2014-6345, CVE-2014-7939
Other white papers released last year are available here:
http://www.mbsd.jp/insight.html
- Attacking Android browsers via intent scheme URLs
http://www.mbsd.jp/Whitepaper/IntentScheme.pdf
- FilterExpression Injection attacks against ASP.NET applications
http://www.mbsd.jp/Whitepaper/FilterExpression.pdf
--
Takeshi Terada @ Mitsui Bussan Secure Directions, Inc.
This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic