Changes between Version 2 and Version 3 of Ticket #1859
Timestamp: 2012-11-15T04:15:46Z
Ticket #1859 – Description
Description, v2 compared with v3 (line numbers are those of the ticket description; unchanged lines are shown once, modified lines as v2 followed by v3):

Line 1 (unmodified):
    **Proof of Concept Attack**

Line 3 (modified):
    v2: The following proof of concept shows how an html file loaded from any domain into (some) browsers with javascript enabled can inject an attacker controlled script into a grid, and *then*cause the user to execute that script in the domain of the grid:
    v3: The following proof of concept shows how an html file loaded from any domain into (some) browsers with javascript enabled can inject an attacker controlled script into a grid, and //then// cause the user to execute that script in the domain of the grid:

Line 5 (unmodified):
    {{{

    … (lines 6 to 54 unchanged, not shown in this view)

Line 55 (unmodified):
    **Related Tickets**:

Line 57 (modified):
    v2: * #615 is about illicitly gaining victim capabilities; whereas this ticket is about bootstrapping an dattack and/or abusing ambient authority.
    v3: * #615 is about illicitly gaining victim capabilities; whereas this ticket is about bootstrapping an attack and/or abusing ambient authority.

Line 58 (unmodified):
    * #1215 is about adding CORS support and how that may create a vulnerability; this script demonstrates even without CORS support similar vulnerabilities already exist.
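Review bot: both edits in this revision are cosmetic and leave the description's substance unchanged: on line 3, `*then*cause` becomes `//then// cause`, which is the Trac WikiFormatting for italics and also restores the missing space before "cause"; on line 57, "an dattack" becomes "an attack". The proof-of-concept block starting at line 5 and the relationship to #615 and #1215 are not touched between v2 and v3.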