[Owasp-turkey] Question: Can a Cookie Header Be Added with XHR or ActionScript?

Bedirhan Urgun bedirhanurgun at gmail.com
Tue Sep 8 04:40:58 EDT 2009


Hello friends,
I just did a bit of searching on the topic in the subject line. With the new updates it does not look very
possible, but if anyone knows a method I would like to hear it.
*Flash Player:*
http://kb2.adobe.com/cps/403/kb403030.html (the other information on the page is good too)

*Starting with Flash Player 9.0.115, the following headers are blocked:*
*Note: These changes were also made in corresponding security releases for
Flash Player 7 and 8.*
*headers:*
*CONNECT
Cookie
HEAD
Request-Range
Authorization
Proxy-Connection*

*XHR:*
http://www.w3.org/TR/2009/WD-XMLHttpRequest-20090820/

*For security reasons, these steps should be terminated if header is an
ASCII case-insensitive match for one of the following headers:*
*Accept-Charset
Accept-Encoding
Connection
Content-Length
Cookie
Cookie2*
...

Lastly, there is information like the following, but it is old:

http://sirdarckcat.blogspot.com/2008/01/exploiting-xss-vulnerabilities-on.html


-- 
Bedirhan Urgun
http://www.webguvenligi.org