On 30.09.2008 at 19:20, Ashley wrote:

On Sep 30, 2008, at 10:08 AM, Moritz Onken wrote:
"attackers can use POST"

This is possible due to the fact that Flash movies can send any request to a server.
You can achieve this even with an XMLHttpRequest.

If scripting is involved that makes it an XSS attack instead, though. No?

-Ashley

I was wrong about the XMLHttpRequest. Posting to another server is not possible because of the same-origin policy. But Flash movies can send POST requests to a different server without user interaction.

XSS is more like posting a JavaScript snippet to a Facebook wall which does some JavaScript actions in the context of the user who opens that wall.

cheers,

moritz

_______________________________________________
List: [email protected]
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/