JavaScript's "Same Origin Policy" (XWT Foundation Security Advisory)

Koos Vriezen koos.vriezen at xs4all.nl
Wed Jul 31 13:53:39 BST 2002


On Wed, 31 Jul 2002, Vadim Plessky wrote:

> ______________________________________________________________________________
> Abstract
>
> The following exploit constitutes a security flaw in JavaScript's
> "Same Origin Policy" (SOP) [1]. Please note that this is *not* the
> IE-specific flaw reported in February [2].
>
> The exploit allows an attacker to use any JavaScript-enabled web
> browser behind a firewall to retrieve content from (HTTP GET) and
> interact with (HTTP <form/> POST) any HTTP server behind the
> firewall. If the client in use is Microsoft Internet Explorer 5.0+,
> Mozilla, or Netscape 6.2+, the attacker can also make calls to SOAP or
> XML-RPC web services deployed behind the firewall.

Is this really a JS flaw, or is there something wrong with the DNS lookup?
IMHO a DNS server should never respond with a private IP address after
forwarding a request to a non-private DNS server.
Don't know if I can configure bind that way...

Regards,

Koos Vriezen
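Koos's suggested mitigation, as an added example that is not part of this thread, the XWT advisory or any BIND feature: a resolver-side check that inspects the A/AAAA records in an answer received from an external upstream and refuses to relay any that point into RFC 1918 or other local ranges, so that a name the attacker controls cannot be made to resolve to a host behind the firewall. The code assumes a forwarding resolver that can hand the raw wire-format response to a hook before caching it; the query name `evil.example` and the addresses in the sample responses are constructed for the demonstration.

```python
"""Drop private addresses from DNS answers obtained from an external upstream.

Standalone illustration of the mitigation proposed in the reply above; it is
not part of any resolver.  Messages are parsed from RFC 1035 wire format so
the check can sit in front of the cache of a forwarding resolver.
"""
import ipaddress
import struct
from typing import List, NamedTuple, Tuple

# Ranges an *external* upstream has no business returning to clients inside
# the firewall: RFC 1918 plus loopback, link-local and unspecified.  Listed
# explicitly rather than via ipaddress.is_private, whose coverage differs
# between Python versions.
FORBIDDEN_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]


class Record(NamedTuple):
    name: str
    rtype: str
    ttl: int
    address: str


def is_forbidden(address: str) -> bool:
    """True if the address must not be relayed to an internal client."""
    ip = ipaddress.ip_address(address)
    # An IPv4-mapped IPv6 address (::ffff:10.0.0.1) still names a LAN host.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in FORBIDDEN_NETS)


def _read_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # compression pointer
            hops += 1
            if hops > 16:                         # reject pointer loops
                raise ValueError("compression pointer loop")
            ptr = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            if end is None:
                end = off + 2                     # caller resumes here
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_address_records(msg: bytes) -> List[Record]:
    """Return the A and AAAA records from the answer section of a response."""
    _id, _flags, qdcount, ancount, _ns, _ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qdcount):                      # skip the question section
        _, off = _read_name(msg, off)
        off += 4                                  # QTYPE + QCLASS
    records = []
    for _ in range(ancount):
        name, off = _read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            records.append(Record(name, "A", ttl, str(ipaddress.IPv4Address(rdata))))
        elif rtype == 28 and rdlen == 16:
            records.append(Record(name, "AAAA", ttl, str(ipaddress.IPv6Address(rdata))))
    return records


def filter_response(msg: bytes) -> Tuple[List[Record], List[Record]]:
    """Split the answer's address records into (safe to relay, must drop)."""
    kept, dropped = [], []
    for rec in parse_address_records(msg):
        (dropped if is_forbidden(rec.address) else kept).append(rec)
    return kept, dropped


def build_response(qname: str, addrs: List[str], ttl: int = 0) -> bytes:
    """Construct a minimal wire-format answer (test input only, not real traffic)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(addrs), 0, 0)
    qname_wire = b"".join(struct.pack("!B", len(l)) + l.encode("ascii")
                          for l in qname.split(".")) + b"\x00"
    question = qname_wire + struct.pack("!HH", 1, 1)
    answers = b""
    for a in addrs:
        ip = ipaddress.ip_address(a)
        rtype = 1 if ip.version == 4 else 28
        # 0xC00C: pointer back to the question name at offset 12
        answers += b"\xC0\x0C" + struct.pack("!HHIH", rtype, 1, ttl, len(ip.packed)) + ip.packed
    return header + question + answers


if __name__ == "__main__":
    # Constructed upstream answer: one public address and two that point inside.
    kept, dropped = filter_response(
        build_response("evil.example", ["203.0.113.5", "10.1.2.3", "::ffff:192.168.0.1"]))
    print("relay:", [r.address for r in kept])
    print("drop :", [r.address for r in dropped])
```

If every address record is dropped, the resolver should answer the client with a failure rather than an empty success, otherwise the browser simply retries; how that is signalled depends on the resolver being hooked and is left to the caller here.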





More information about the kfm-devel mailing list