RE: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein

To: <bugtraq@xxxxxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: RE: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein
From: "Sergey V. Gordeychik" <gordey@xxxxxxxxxxxxx>
Date: Fri, 30 Sep 2005 10:00:55 +0400
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Thread-index: AcXER/uqgRkqbBqXQEeqFERklU28qQBO78cg
Thread-topic: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein

Hi list.

I checked some ideas and think that reflected XSS in user-agent and
other http request headers fileds (cookies for example) can be exploited
via http request smuggling\splitting cache poisoning attacks using
described techniques.
So vendors who discard such vulnerabilities as not explotable should
take it into account. 

Regards,
Sergey V. Gordeychik,
MCSE, MCT, CISSP

Prev by Date: [SECURITY] [DSA 831-1] New mysql-dfsg packages fix arbitrary code execution
Next by Date: [USN-192-1] Squid vulnerability
Previous by thread: Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein
Next by thread: Hijacking Bluetooth Headsets for Fun and Profit?
Index(es):
- Date
- Thread