Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein

anonymous_at_anonymous.com
Date: 09/27/05

Next message: Francisco Amato: "[ISR] - Novell GroupWise Client Integer Overflow"

Previous message: Martin Pitt: "[USN-187-1] Linux kernel vulnerabilities"
Maybe in reply to: Amit Klein (AKsecurity): ""Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein"
Next in thread: Yutaka OIWA: "Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 27 Sep 2005 03:19:23 -0000
To: bugtraq@securityfocus.com

('binary' encoding is not supported, stored as-is) Another way to spoof a Referer header using XMLHTTP is to do something like this:
xmlhttp.SetRequestHeader("Referer:", "http://some.referer.com");

Note that the ':' after the Referer does the trick here. If this is not present IE ignores this header.
Thanks!

Next message: Francisco Amato: "[ISR] - Novell GroupWise Client Integer Overflow"

Previous message: Martin Pitt: "[USN-187-1] Linux kernel vulnerabilities"
Maybe in reply to: Amit Klein (AKsecurity): ""Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein"
Next in thread: Yutaka OIWA: "Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]