Zpět na seznam článků     Zpět na článek

Komentáře ke článku

 
 
 BBCode
tomy | 88.212.36.*10.6.2011 22:24
ahoj ;) ja len z uhla pohladu anglictinara ti chcem povedat, ze mas tam zopar chybyciek... asi najviac bijuca je czenglish fraza, ktorej urcite ziaden native neporozumie
"what everything attacker can?" radsej by som to prepisal na: "what can attacker do" ;) inac supaer
trivvial | E-mail | ICQ 2353983566.6.2011 18:27
@.cCuMiNn. :
PenTestIT Post Of The Day: FFFjacking File From Frame hiJacking — PenTestIT [link]
loool :D 2.6 to citam tu a 6.6 z twittru, gj .cCuMiNn.
PoC ??? dont think so | 93.131.35.*2.6.2011 13:40
There is a flaw in your assumption: file://///something.com/ does nothing if there is no host named "something.com" ... so that flaw is no flaw at all. Local Restrictions are less hard than internet restrictions ... and because of that you can have iframes pointing to local folders.
Another Problem is that you just can reach the same language if you want to reach the users profile ... dont know if "%userprofile%" would work in here, but if you say "document and ..." you will miss a lot of possible victims.

Greetz
FFX

Stránky: 1