[Full-disclosure] Traversing the Web (the javascript way)

[pdp (architect)]

http://www.gnucitizen.org/blog/traversing-the-web/

The paper that explains the nature of the JavaScript SPIDER can be
found at the location above. In this article I am take the concept of
request proxies further by showing how attackers can use them to write
JavaScript code that can bypass the same origin restriction. You might
be a bit confused with the point of this exercise. I agree that there
are quite a lot of tutorials and frameworks that go into depth of this
subject, however I am the implementation here is a bit different.

This technique together with Google AJAX Search API can be used by
JavaScript based worms to propagate outside of the current domain.

If you have any ideas of how to improve this technique or how to
prevent it from happening, don't hesitate to leave a comment.

-- 
pdp (architect)
http://www.gnucitizen.org