Now just combine this with a snazzy XSS virus, so I can have another good
reason to turn this monitor off and go read a book:)
Very impressive, Amit...
~Dain White
-----Original Message-----
From: Jeremiah Grossman [mailto:jeremiah@whitehatsec.com]
Sent: Friday, October 14, 2005 11:15 AM
To: Amit Klein (AKsecurity)
Cc: websecurity@webappsec.org; webappsec@securityfocus.com
Subject: Re: [WEB SECURITY] Importing large code piece into Javascript
context without SCRIPT SRC=...
On Oct 14, 2005, at 11:05 AM, Amit Klein (AKsecurity) wrote:
On 14 Oct 2005 at 10:56, Jeremiah Grossman wrote:
Admittedly, I was a bit confused by what your trying to achieve with
code. So sticking the question at hand...
"Importing large code piece into Javascript context without SCRIPT
SRC" ...
I take to do not use the HTML syntax... <script src="http://foo/
file.js"></script>
Here's an idea..
1) DOM Programming
var js = document.createElement('script');
js.setAttribute('src', 'http://foo/file.js');
document.body.appendChild(js);
* same effect, but different style.
Not fair ;-)
This will not be allowed (I supposed) by Content-Restrictions that
specify no external code
(see the link in my original writeup). I think (hope...) that the
Content-Restrictions
would apply to any JS executed, and to dynamically created HTMLs
(such as the above).
And there's also a Content-Restriction against creating/modifying
HTML nodes.
But yes, I suppose I should have clarified this. So thanks!
Oh ok, I see what you've done here now. This is quite clever. You're
basically using the IFRAME URL as a source for receiving JS code,
which you evaluate later when it becomes available. Nice.
In my Phishing w/ Superbait talk, I used a similar technique in
reverse to pass large amounts of data off-domain. 2K blocks at a time.
Regards,
Jeremiah-
---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/
