[WEB SECURITY] (somewhat) breaking the same-origin policy by undermining dns-pinning

Kanatoko anvil at jumperz.net
Mon Dec 25 06:10:10 EST 2006


Martin Johns wrote: 
> This technique obviously can be automated. Instead of quitting the web
> server on attacker.org completely, dynamic firewall rules could be
> used to reject further connections from the victim's IP after the
> initial script was delivered.

I found that making the browser access a closed port (like port 81) has
the same effect. (Tested on IE6.0)
I mean using some URL like http://foo:81/.

I use this technique (closed port) in my demo.
http://www.jumperz.net/index.php?i=2&a=1&b=7

-- 
Kanatoko<anvil at jumperz.net>
Open Source WebAppFirewall
http://guardian.jumperz.net/

