Re: An IE Browser is EVEN exploitible on DSL Repor in

Re: An IE Browser is EVEN exploitible on DSL Repor in http://www.dslreports.com/forum/r7506766 en Tue, 24 Nov 2009 14:17:33 EDT Tue, 24 Nov 2009 14:17:33 EDT Re: An IE Browser is EVEN exploitible on DSL Repor http://www.dslreports.com/forum/remark,7507104 Marilla : I'm VERY busy this weekend, and as I noted in the thread, I've not used Javascript for much other than form validation and simply redirection of the browser... but when I get time, I'll work on a 'proof of concept' post in the forum you linked, NIL.

And btw, thank you for taking time out for this.. I, too, am very interested in the outcome since I run my own custom forum system myself; I thought I had taken care of a lot of malicious possible uses before... but we'll see

Perhaps someone will get to a 'proof of concept' before I do.. we'll just see.]]> http://www.dslreports.com/forum/remark,7507104 Sat, 26 Jul 2003 15:25:34 EDT Re: An IE Browser is EVEN exploitible on DSL Repor http://www.dslreports.com/forum/remark,7506784 nil : Okay, sure, why not.. There's one way to about it.. See my new post in the other thread.
--
Life is too short to be boring]]> http://www.dslreports.com/forum/remark,7506784 Sat, 26 Jul 2003 14:40:06 EDT Re: An IE Browser is EVEN exploitible on DSL Repor http://www.dslreports.com/forum/remark,7506766 Sarick : I would love to see both parties that debute over this some more. :)

One person says it's exploitible the other says it's not.

My problem is I can't argue with anyone I don't program Java Script.

A couple of people tend to think it's still open for debate. :)

I do miss your insite. After all it's my understanding that your head of this sites web design or have a lot of say on it's design and or performance. ;)

Like I said before I try to lock down my system as much as possible. Having an exploit install something is rare but I don't want to deal with to much paranoid issues that could cause brain damage. :)

Most of the exploits IE has are because it's so inter twind with the OS. I bet there are still many hacks not found in the wild in IE.]]> http://www.dslreports.com/forum/remark,7506766 Sat, 26 Jul 2003 14:36:38 EDT Re: An IE Browser is EVEN exploitible on DSL Repor http://www.dslreports.com/forum/remark,7506703 nil : JavaScript is client side.. hence all the various little tricks you can do with it only work for the person viewing the site.. so yes.. someone could insert an iframe that will display contents of /prof.. but guess whose you will view? Your own.. and you can't view someone elses..
--
Life is too short to be boring]]> http://www.dslreports.com/forum/remark,7506703 Sat, 26 Jul 2003 14:25:45 EDT Re: An IE Browser is EVEN exploitible on DSL Repor http://www.dslreports.com/forum/remark,7506680 Sarick :

said by nil :
Well.. it really doesn't..

As I explained in that thread.. dslr security is based on more than just the cookie so ability to execute arbitrary javascript isn't exactly a huge security hole.

No recheck the topic. A lot of new stuff got added. ]]> http://www.dslreports.com/forum/remark,7506680 Sat, 26 Jul 2003 14:22:20 EDT Re: An IE Browser is EVEN exploitible on DSL Repor http://www.dslreports.com/forum/remark,7506380 nil : Well.. it really doesn't..

As I explained in that thread.. dslr security is based on more than just the cookie so ability to execute arbitrary javascript isn't exactly a huge security hole.

--
Life is too short to be boring
[text was edited by author 2003-07-26 13:39:47]]]> http://www.dslreports.com/forum/remark,7506380 Sat, 26 Jul 2003 13:38:50 EDT An IE Browser is EVEN exploitible on DSL Reports http://www.dslreports.com/forum/remark,7506340 Sarick : I Ask about DSLreports and the possibility of a security risk from clicking on URL links.

»DSLreports Clicking a link in forums?

Turns out a lot of people didn't even know it existed..
[text was edited by author 2003-07-26 13:37:00]]]> http://www.dslreports.com/forum/remark,7506340 Sat, 26 Jul 2003 13:34:29 EDT