Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Cross domain?
Posted by: Lofet
Date: March 27, 2010 05:24PM

When does it become possible that an XSS flaw on one site effects other sites on the same server?

Options: ReplyQuote
Re: Cross domain?
Posted by: sleekMak
Date: March 31, 2010 02:06AM

1. When both sites share a common space without extra security measures.
2. If 'A' site is Trusted and authorized for 'B' site.

and more

Options: ReplyQuote
Re: Cross domain?
Posted by: Lofet
Date: April 01, 2010 02:32PM

Care to elaborate on those points sleekMak? By common space I'm guessing you mean by the same server?

Options: ReplyQuote
Re: Cross domain?
Posted by: sleekMak
Date: April 06, 2010 03:53AM

Lofet Wrote:
-------------------------------------------------------
> Care to elaborate on those points sleekMak? By
> common space I'm guessing you mean by the same
> server?

Near to the point,
Logically same space indicates the same directory or folder,
Physically like same server.

I am not sure, but believe some tricks would break the extra measures like in NTFS and *nix.

If some sites are kept on a same directory, flaws in one web page would certainly ruin the next page. it would be same like a script modifying multiple files. isn't it ?

Options: ReplyQuote


Sorry, only registered users may post in this forum.