[25236] in bugtraq


De-anonymizer

daemon@ATHENA.MIT.EDU (Berend-Jan Wever)
Wed Apr 24 13:09:05 2002

Date: 23 Apr 2002 10:26:12 -0000
Message-ID: <20020423102612.18178.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Berend-Jan Wever <skylined@edup.tudelft.nl>
To: bugtraq@securityfocus.com



I have "hacked" my way out of anonymizer with Cross-site scripting:
http://anon.free.anonymizer.com/http://spoor12.edup.tudelft.nl/SkyLined/docs/de_anonymizer.labs.html

It uses a <SCRIPT> tag without a closing </SCRIPT> tag to 
fool anonymizer into allowing an onError event to pass 
filters. This allows me to execute javascript with obvious 
security breaches.


Anonymizer was informed of the situation.

Kind regards,

Berend-Jan Wever
http://spoor12.edup.tudelft.nl
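
Added example, not part of the original post and not Anonymizer's code: the message does not describe how the filter worked, so this assumes a hypothetical filter that removes only complete <SCRIPT>...</SCRIPT> pairs and contrasts it with a parser-based filter that fails closed on an unterminated script element and drops on* handler attributes everywhere. The sample input, handler() and all function names are constructed for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed sample: an opening SCRIPT tag that is never closed, followed by
# an element carrying an onError handler (the two constructs the post names).
SAMPLE = '<p>hi</p><SCRIPT><img src="x.gif" onError="handler()">'

# Hypothetical weak filter (assumption): strips only matched script pairs.
PAIRED_SCRIPT = re.compile(r"<script\b.*?</script\s*>", re.I | re.S)

def naive_filter(page):
    return PAIRED_SCRIPT.sub("", page)

class FailClosedFilter(HTMLParser):
    """Re-serialises parsed tokens; raw input is never copied through."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True      # stays set until a real </script>
            return
        if self.in_script:
            return                     # nothing inside a script is emitted
        kept = [(k, v) for k, v in attrs if not k.lower().startswith("on")]
        text = "".join(f' {k}="{escape(v or "", quote=True)}"' for k, v in kept)
        self.out.append(f"<{tag}{text}>")

    # "<script/>" is not self-closing in HTML, so treat it as an opening tag.
    handle_startendtag = handle_starttag

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
        elif not self.in_script:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.in_script:
            self.out.append(escape(data, quote=False))

def fail_closed_filter(page):
    f = FailClosedFilter()
    f.feed(page)
    f.close()                          # unterminated script: remainder dropped
    return "".join(f.out)
```

The second filter covers only the two constructs named in the message; URL schemes and other script-bearing attributes are outside this example.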
