Re: Anti XSS AJAX

To: Fady Anwar <fady.anwar@xxxxxxxxx>
Subject: Re: Anti XSS AJAX
From: Ronald Chmara <ron@xxxxxxxxx>
Date: Fri, 27 Jul 2007 23:39:22 -0700
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <933c706e0707260228k79f89876xcd60f882275007ee@xxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <933c706e0707260228k79f89876xcd60f882275007ee@xxxxxxxxxxxxxx>


On Jul 26, 2007, at 2:28 AM, Fady Anwar wrote:

A white paper about how to counter attack XSS attacks using AJAX
programming techniques
http://barmagy.com/blogs/infinite_loop/archive/2007/07/20/498.aspx


Failed assumptions = Flawed solutions.

Signing <script> tags? Ow.  LOL. Ow.

See:
http://ha.ckers.org/xss.html

While you're there, learn how to forge GET/POST requests.

-Bop

References:
- Anti XSS AJAX
  - From: Fady Anwar

Prev by Date: TSLSA-2007-0023 - multi
Next by Date: SuskunDuygular - yelik Sistemi v.1 Sql
Previous by thread: Anti XSS AJAX
Next by thread: Berthanas Ziyaretci Defteri v2.0 (tr) Sql
Index(es):
- Date
- Thread