Hi Brian, Hi Stefano, 

> Ok I see the difference. 
> You are taking advantage of a pure json CSRF with a evil script which
> contains a modified version of the Object prototype.
> And when the callback function is executed you use a XMLHttpRequest in
> order to send the information extracted by the instantiated object.

In the beginning of the paper there was a comment that the code that was 
presented was designed for use in Firefox but could be ported to IE or 
other browsers. However, since IE does not seem to have the setter methods 
(correct me if I am wrong), I did not quite find a way to achieve this in 
We tried several things such as replacing Array and Object constructor as 
well as as overriding eval, neither of which worked. Do you have any 
suggestions about how to port this attack to IE?

Btw, thanks for the papers.

Kind Regards,


Frederik De Keukelaere, Ph.D.
Post-Doc Researcher
IBM Research, Tokyo Research Laboratory
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.

Reply via email to