The dark side of ajax
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: The dark side of ajax
- From: "Fady Anwar" <fady.anwar@xxxxxxxxx>
- Date: Fri, 13 Jul 2007 12:45:03 -0700
A white paper about the possibility of Ajax use in XSS attacks
http://barmagy.com/blogs/infinite_loop/archive/2007/07/13/475.aspx
--
Fady Anwar