Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For Session, fixations, hijacking, lockout, replay, session riding etc.... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
remote javascript data [?]
Posted by: Goudini
Date: April 07, 2008 12:07PM

Hi!
there's a site victim.com with some code like this:
<html>
<body>
<script type="text/javascript">
var foo = 1234567;
var bar = 7654321;
function ....
// some else code...
</script>
</body>
</html>

Can I load this variables (foo, bar) with help of javascript to use them on my page? If I try to do this like <script src="http://victim.com"></script> there are syntax errors..

Options: ReplyQuote
Re: remote javascript data [?]
Date: April 07, 2008 02:51PM

Unless "victim.com's" script is physically in its own remote file (most likely .js) then no. If you're not looking to access anything that would only appear when authenticated, or user-specific, you could set up a server-side script to connect to "victim.com", and retrieve the data, but it would only be useful in a few scenarios.


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Options: ReplyQuote


Sorry, only registered users may post in this forum.