Jump to content
hari

The Extended HTML Form attack

By hari, in Exploituri

Recommended Posts

hari Newbie

hari

Posted
Posted

Un prieten de-al meu a publicat zilele astea un paper interesant intitulat "The Extended HTML Form attack". Il gasiti aici http://resources.enablesecurity.com/resources/the%20extended%20html%20form%20attack%20revisited.pdf

Idea de baza este sa faci XSS (cross site scripting) folosind alte protocoale decat HTTP. De exemplu IMAP, daca nu intelege o comanda face echo la gresela si este perfect pt. XSS.

Este destul de interesant paper-ul si are si un exemplu de XSS pentru Yahoo.

Nu stiu cat o sa mai functioneze, functiona cand am testat eu.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...