[WEB SECURITY] RE: [Full-disclosure] new attack technique? using JavaScript+XML+OWSPost Data

Gaurav Kumar gaurav at securebox.org
Thu Dec 22 03:15:41 EST 2005

> Not Exactly !! I wud rather suggest you to do a little more research and
> draw any conclusion. Keep those _Security Zones_ in mind before you post
> anything...
I did the research on Windows XP SP2

The script with ActiceX and XML was uploaded to
The screenshot at the following URL shows the note.xml placed at C:\
while the ethereal is showing POSTing the data to attacker's site.


Clearly geocities.com is in Internet zone.

The Web Security Mailing List

The Web Security Mailing List Archives

More information about the websecurity mailing list