sven.vetsch@xxxxxxxxxxxxx wrote:
> Sorry about that but that's wrong. All the credits have to go to
> Stefano Di Paola and Giorgio Fedon. They presented that stuff at the
> 23C3 in Berlin.

the original paper is located here
http://events.ccc.de/congress/2006/Fahrplan/events/1602.en.html

probably Stefano and Giorgio will post something on their site
http://www.wisec.it/ (!hey i'm waiting too stefano :D)

the technique exposed is really really neat but was only one of those that
have been presented at ccc in that talk (UXSS was used as an attack vector
to inject JS to wrap/tamper xmlhttprequest and if the user had a proxy on
his side http response splitting was used in conjunction with some keepalive
bugs to "tilt" the browser cache to cause cross domain scripting, all this
was autoinjecting)

yeah it needs some conditions (a proxy with keepalive) but this is a bomb
itself :)

from the pdf: Ajax Security, Universal Cross Site Scripting, Code
Injection, Cache Poisoning, Prototype Hijacking, Auto Injecting Cross
Domain Scripting

anyway i expect to see something like an advisory/paper posted somewhere
soon from the wisec staff because it's obvious that the ccc pdf isn't
enough to metabolize all that stuff

regards,
Francesco 'ascii' Ongaro
http://www.ush.it/

ps: flash 8 is fixed :)