[WEB SECURITY] Cross-Site Scripting attacks via redirectors

Arshan Dabirsiaghi arshan.dabirsiaghi at aspectsecurity.com
Tue Aug 4 17:33:26 EDT 2009


While we all greatly appreciate your intent, you should know that this information is already well-documented in Google's Browser Security Handbook:

http://code.google.com/p/browsersec/wiki/Part2#Redirection_restrictions
 
If I were you, I would become very familiar with that body of work before further research into similar areas.
 
Cheers,
Arshan

________________________________

From: MustLive [mailto:mustlive at websecurity.com.ua]
Sent: Tue 8/4/2009 4:31 PM
To: websecurity at webappsec.org
Subject: [WEB SECURITY] Cross-Site Scripting attacks via redirectors



Hello, participants of the mailing list.

At the end of July I published my article "Cross-Site Scripting attacks via
redirectors" (http://websecurity.com.ua/3376/). And today I published the English
version of my article (http://websecurity.com.ua/3386/).

In this article I wrote about using redirectors in different browsers to
conduct Cross-Site Scripting attacks.

In the article I wrote about XSS attacks in location-header and
refresh-header redirectors in different browsers: Mozilla 1.7.x, Mozilla
Firefox, Internet Explorer (IE6), Opera and Google Chrome. I'm also waiting
for information from one man who is checking all the vulnerabilities mentioned
in the article in other browsers, so when there is new information
(about other affected browsers), I'll add it to my article.

You can read the article "Cross-Site Scripting attacks via redirectors" at my
site: http://websecurity.com.ua/3386/

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

