Re: An IE Browser is EVEN exploitible on DSL Repor

Author	All Replies
Sarick It's Only Logical Premium join:2003-06-03 USA ·FrontierNet Intern..	reply to nil Re: An IE Browser is EVEN exploitible on DSL Repor said by nil : Well.. it really doesn't.. As I explained in that thread.. dslr security is based on more than just the cookie so ability to execute arbitrary javascript isn't exactly a huge security hole. No recheck the topic. A lot of new stuff got added.
	to forum · permalink · · 2003-07-26 14:22:20 ·
nil Java Geek join:2000-11-27 Host: Webmasters and Dev.. Forum Feature Requ..	JavaScript is client side.. hence all the various little tricks you can do with it only work for the person viewing the site.. so yes.. someone could insert an iframe that will display contents of /prof.. but guess whose you will view? Your own.. and you can't view someone elses.. -- Life is too short to be boring
	to forum · permalink · · 2003-07-26 14:25:45 ·
Sarick It's Only Logical Premium join:2003-06-03 USA ·FrontierNet Intern..	I would love to see both parties that debute over this some more. One person says it's exploitible the other says it's not. My problem is I can't argue with anyone I don't program Java Script. A couple of people tend to think it's still open for debate. I do miss your insite. After all it's my understanding that your head of this sites web design or have a lot of say on it's design and or performance. Like I said before I try to lock down my system as much as possible. Having an exploit install something is rare but I don't want to deal with to much paranoid issues that could cause brain damage. Most of the exploits IE has are because it's so inter twind with the OS. I bet there are still many hacks not found in the wild in IE.
	to forum · permalink · · 2003-07-26 14:36:38 ·
nil Java Geek join:2000-11-27	Okay, sure, why not.. There's one way to about it.. See my new post in the other thread. -- Life is too short to be boring
nil Java Geek join:2000-11-27	to forum · permalink · · 2003-07-26 14:40:06 ·
Marilla I Am My Own Arbiter Premium join:2002-12-06 Belpre, OH	I'm VERY busy this weekend, and as I noted in the thread, I've not used Javascript for much other than form validation and simply redirection of the browser... but when I get time, I'll work on a 'proof of concept' post in the forum you linked, NIL. And btw, thank you for taking time out for this.. I, too, am very interested in the outcome since I run my own custom forum system myself; I thought I had taken care of a lot of malicious possible uses before... but we'll see Perhaps someone will get to a 'proof of concept' before I do.. we'll just see.
	to forum · permalink · · 2003-07-26 15:25:34 ·


Sunday, 08-Nov 21:49:59	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com.republican-creole page compression OFF