[nycphp-talk] NYPHP cringed at AJAX almost a year ago.... now JS exploit "level 3"
inforequest
1j0lkq002 at sneakemail.com
Thu Oct 13 22:56:56 EDT 2005
I was at a meeting of NYPHPers a long time ago when some stuff was
discussed that has since become part of "AJAX". I consider everyone at
that dinner table to be a primo technologist, but some of them are truly
outstanding programmers too :-)
When some clever new JS cross-server stuff was dissected in discussion,
and it appeared that it was a "feature" made from what everybody
recognized to be an XSS hole, some of the faces were really interesting.
Kinda like "well, you really don't want to leave that open, but if it's
open, yeah, I guess you could do that".
Since then we have AJAX everywhere. And now we have a hack that's being
called a new "level 3" exploit. See http://e-scribe.com/news/103 and
http://namb.la/popular/tech.html
I guess we all knew THAT would happen, right? ;-)
-=john andrews
http://www.seo-fun.com