[Full-disclosure] Misunderstanding Javascript injection: A paper on web application abuse via Javascript injection
Tim Brown
netsys at machine.org.uk
Sat Jan 28 12:52:46 GMT 2006
Hi,
I've just released a paper (to be found at
http://www.nth-dimension.org.uk/news/entry.php?e=156579087) which covers two
issues with Javascript injection that I've recently been playing with. That
of Javascript injection via CSS manipulation and further more the use of AJAX
within injection points. I realise that perhaps neither are massively new
(certainly the MySpace worm touches on the AJAX issues discussed) but I found
it interesting and hope others may do too.
Tim
--
Tim Brown
<mailto:tmb at 65535.com>
--
Tim Brown
<mailto:netsys at machine.org.uk>
<http://www.machine.org.uk/>
Full-Disclosure is hosted and sponsored by Secunia.