[WEB SECURITY] cross-sub-domain xss/xfs/etc.
Evans, Arian
Arian.Evans at fishnetsecurity.com
Tue Dec 6 12:50:23 EST 2005
There have been a handful of people experimenting
with the ability to make cross-sub-domain requests
and have full access to the response. The best thread
that I've seen:
http://fettig.net/weblog/2005/11/28/how-to-make-xmlhttprequest-connections-to-another-server-in-your-d
omain/
Rather slick, especially if you are testing intranet
apps all within the same domain context.
It's interesting how many developers are clamoring
for full cross-domain access. :)
-ae
---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/
More information about the websecurity
mailing list