Yes this is bad!<br><br><div><span class="gmail_quote">On 2/3/07, <b class="gmail_sendername">Michal Zalewski</b> &lt;<a href="mailto:lcamtuf@dione.ids.pl">lcamtuf@dione.ids.pl</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Sat, 3 Feb 2007, Michal Zalewski wrote:<br><br>> xmlhttp.open("GET\thttp://dione.ids.pl/\tHTTP/1.0\n\n", "x",true);<br><br>Funny enough, Paul Szabo was quick to point out that Amit Klein found the
<br>same vector that I used here for client-side backdoors in May 2006 (still<br>not patched?! *shrieks in horror*), but for cache poisoning:<br><br> "IE + some popular forward proxy servers = XSS, defacement (browser cache poisoning)"
<br> <a href="http://www.securityfocus.com/archive/1/434931">http://www.securityfocus.com/archive/1/434931</a><br><br>This is getting depressing. May 2006.<br><br>/mz<br><br><br>_______________________________________________
<br>Full-Disclosure - We believe in it.<br>Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>Hosted and sponsored by Secunia - <a href="http://secunia.com/">
http://secunia.com/</a><br></blockquote></div><br><br clear="all"><br>-- <br><a href="http://www.goldwatches.com">http://www.goldwatches.com</a><br><a href="http://www.wazoozle.com">http://www.wazoozle.com</a>
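<br><br>
Added example, not part of the original thread: the method string quoted above contains tabs and newlines, which are not legal in an HTTP method token (RFC 7230), so a client that validates the method before building the request line rejects it. The helper names and the whitespace-splitting receiver are assumptions made for illustration.

```javascript
// RFC 7230: method = token = 1*tchar. Tab, space, CR and LF are not tchar.
const TCHAR = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// Methods the XMLHttpRequest specification rejects outright.
const FORBIDDEN = new Set(["CONNECT", "TRACE", "TRACK"]);
// Methods the specification normalizes to upper case.
const NORMALIZED = new Set(["DELETE", "GET", "HEAD", "OPTIONS", "POST", "PUT"]);

// Hypothetical helper: returns the method to send, or throws.
function checkMethod(method) {
  if (typeof method !== "string" || !TCHAR.test(method)) {
    throw new SyntaxError("method is not an HTTP token");
  }
  const upper = method.toUpperCase();
  if (FORBIDDEN.has(upper)) {
    throw new Error("method is forbidden");
  }
  return NORMALIZED.has(upper) ? upper : method;
}

// Unchecked concatenation, as a client that trusts its caller would do it.
function naiveRequestLine(method, target) {
  return method + " " + target + " HTTP/1.1\r\n";
}

// The same concatenation behind the token check.
function safeRequestLine(method, target) {
  return checkMethod(method) + " " + target + " HTTP/1.1\r\n";
}

// Assumed model of a lenient receiver that splits the first line on any whitespace.
function lenientFirstLine(raw) {
  const [method, target, version] = raw.split(/\r?\n/)[0].split(/[ \t]+/);
  return { method, target, version };
}

// The method string quoted in the thread, with "x" as the URL argument.
const quoted = "GET\thttp://dione.ids.pl/\tHTTP/1.0\n\n";
const seen = lenientFirstLine(naiveRequestLine(quoted, "x"));
console.log(seen); // the receiver's idea of the target is no longer "x"

let rejected = false;
try {
  safeRequestLine(quoted, "x");
} catch (e) {
  rejected = e instanceof SyntaxError;
}
console.log("rejected:", rejected);
```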