THP Wisec USH DigitalBullets TheHackersPlace network

The WIse SECurity

.italian
.english

Wisec Home SecSearch Projects Papers Security Thoughts

News

Flash Application Testing: A New Vector for XSS and Cross Site Flashing.

IE and Firefox Digest Authentication Request Splitting.

Php import_req_var globals overwrite Advisory.

Subverting Ajax - The Paper.

Adobe Plugin Multiple Vulnerabilities.

Wisec@23rd.CCC Congress in Berlin - 29th Dec. 2006 - Subverting Ajax.

SecSearch. Search Engine for Security Community.

Mysql COM_TABLE_DUMP Flaws.

Mysql Anonymous login Flaw.

A new project to stop embed passwords in Php scripts: PassBroker.

MySQL new three vulnerabilities unleashed

PHP shmop safemode bypass

PHP RFC1867 Vuln - POC Released!

Search on Wisec

Security Thoughts

[ Back ]

Monday, March 28, 2011, 16:08

Abusing Referrer on Explorer for Referrer based DOM Xss

I don't really know if this is actually known, but I thought it was worth writing.

In a few words:
While other browsers do not allow particular charaters in sub domains, IE does. Hence it's possible to abuse that behavior to exploit referrer based DOM Xss.

..continue reading on Minded Security

Comments:

No comments yet.

Comments are disabled

Admin login | This weblog is from www.mylittlehomepage.net

Wisec is brought to you by...

Wisec is written and mantained by Stefano Di Paola.

Wisec uses open standards, including XHTML, CSS2, and XML-RPC.

All Rights Reserved 2004
All hosted messages and metadata are owned by their respective authors.