Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Misunderstanding Javascript injection: A paper on web

from [Tim Brown] Network Security [Permanent Link]
Subject: [Full-disclosure] Misunderstanding Javascript injection: A paper on web application abuse via Javascript injection
Date: Sat, 28 Jan 2006 12:52:46 +0000 
Hi,

I've just released a paper (to be found at 
http://www.nth-dimension.org.uk/news/entry.php?e=156579087) which covers two 
issues with Javascript injection that I've recently been playing with.  That 
of Javascript injection via CSS manipulation and further more the use of AJAX 
within injection points.  I realise that perhaps neither are massively new 
(certainly the MySpace worm touches on the AJAX issues discussed) but I found 
it interesting and hope others may do too.

Tim
-- 
Tim Brown
<mailto:tmb@65535.com>

-- 
Tim Brown
<mailto:netsys@machine.org.uk>
<http://www.machine.org.uk/>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] Misunderstanding Javascript injection: A paper on web application abuse via Javascript injection, Tim Brown <=
Previous by Date:  [Full-disclosure] about uncovering skype, BOUTHORS Nicolas
Next by Date:  [Full-disclosure] Can Someone Tell Me What This Is?, y0himba
Previous by Thread:  [Full-disclosure] about uncovering skype, BOUTHORS Nicolas
Next by Thread:  [Full-disclosure] Can Someone Tell Me What This Is?, y0himba
Indexes:  [Date] [Thread] [Top] [All Lists]