An IE Browser is EVEN exploitible on DSL Reports

Marilla I Am My Own Arbiter Premium join:2002-12-06 Belpre, OH	reply to nil Re: An IE Browser is EVEN exploitible on DSL Repor I'm VERY busy this weekend, and as I noted in the thread, I've not used Javascript for much other than form validation and simply redirection of the browser... but when I get time, I'll work on a 'proof of concept' post in the forum you linked, NIL. And btw, thank you for taking time out for this.. I, too, am very interested in the outcome since I run my own custom forum system myself; I thought I had taken care of a lot of malicious possible uses before... but we'll see Perhaps someone will get to a 'proof of concept' before I do.. we'll just see.
	to forum · permalink · · 2003-07-26 15:25:34 ·
nil Java Geek join:2000-11-27	reply to Sarick Okay, sure, why not.. There's one way to about it.. See my new post in the other thread. -- Life is too short to be boring
	to forum · permalink · · 2003-07-26 14:40:06 ·
Sarick It's Only Logical Premium join:2003-06-03 USA ·FrontierNet Intern..	reply to nil I would love to see both parties that debute over this some more. One person says it's exploitible the other says it's not. My problem is I can't argue with anyone I don't program Java Script. A couple of people tend to think it's still open for debate. I do miss your insite. After all it's my understanding that your head of this sites web design or have a lot of say on it's design and or performance. Like I said before I try to lock down my system as much as possible. Having an exploit install something is rare but I don't want to deal with to much paranoid issues that could cause brain damage. Most of the exploits IE has are because it's so inter twind with the OS. I bet there are still many hacks not found in the wild in IE.
	to forum · permalink · · 2003-07-26 14:36:38 ·
nil Java Geek join:2000-11-27 Host: Webmasters and Dev.. Forum Feature Requ..	reply to Sarick JavaScript is client side.. hence all the various little tricks you can do with it only work for the person viewing the site.. so yes.. someone could insert an iframe that will display contents of /prof.. but guess whose you will view? Your own.. and you can't view someone elses.. -- Life is too short to be boring
	to forum · permalink · · 2003-07-26 14:25:45 ·
Sarick It's Only Logical Premium join:2003-06-03 USA ·FrontierNet Intern..	reply to nil said by nil : Well.. it really doesn't.. As I explained in that thread.. dslr security is based on more than just the cookie so ability to execute arbitrary javascript isn't exactly a huge security hole. No recheck the topic. A lot of new stuff got added.
	to forum · permalink · · 2003-07-26 14:22:20 ·
nil Java Geek join:2000-11-27 Host: Webmasters and Dev.. Forum Feature Requ..	reply to Sarick Well.. it really doesn't.. As I explained in that thread.. dslr security is based on more than just the cookie so ability to execute arbitrary javascript isn't exactly a huge security hole. -- Life is too short to be boring [text was edited by author 2003-07-26 13:39:47]
	to forum · permalink · · 2003-07-26 13:38:50 ·
Sarick It's Only Logical Premium join:2003-06-03 USA ·FrontierNet Intern..	An IE Browser is EVEN exploitible on DSL Reports I Ask about DSLreports and the possibility of a security risk from clicking on URL links. »DSLreports Clicking a link in forums? Turns out a lot of people didn't even know it existed.. [text was edited by author 2003-07-26 13:37:00]
	to forum · permalink · · 2003-07-26 13:34:29 ·


Wednesday, 25-Nov 18:38:59	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF