[WEB SECURITY] Cross domain access using JavaScript document.referrer

Kanatoko anvil at jumperz.net
Thu Dec 21 17:13:51 EST 2006


Amit wrote:
> You're right in stating that this is a "cross domain access 
> technique", but I wouldn't say that this is a cross domain vulnerability.

Yes, this is not a vulnerability.

Two domains need to cooperate each other, like Flash, JSONP,
IFrameProxy(using fragmentIdentifier).

I'm sorry if this is a off-topic to this list.

-- 
Kanatoko<anvil at jumperz.net>
Open Source WebAppFirewall
http://guardian.jumperz.net/


----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



More information about the websecurity mailing list