[WEB SECURITY] Redirectors: the phantom menace

MustLive mustlive at websecurity.com.ua
Thu Sep 24 16:51:03 EDT 2009


Hello participants of Mailing List.

Earlier I wrote to the list about my article Redirectors: the phantom menace
(http://www.webappsec.org/lists/websecurity/archive/2009-09/msg00021.html).
And last week I wrote new article on this topic - Attacks via closed
redirectors (http://websecurity.com.ua/3531/), for which I made English 
version today. It this article I wrote about different variants of attacks 
via closed redirectors. It’s anthology of attacks with using of closed 
redirectors (as first article was anthology of attacks with using of open 
redirectors).

Attack via closed redirectors:

* Redirection.
* Bypass of spam-filters.
* Bypass of flash restrictions.
* XSS attack via jar: URI in Firefox.
* CSRF attacks on a site.
* Hidden attacks on other sites.
* Image leakage in Firefox.
* Denial of Service attacks.
* Cross-Site Scripting attacks.
* Bypass of protection filters.

You can read the article Attacks via closed redirectors at my site:
http://websecurity.com.ua/3531/

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA



More information about the websecurity mailing list