29 November 2012

Comments

It is easy to bypass if an attacker creates a new iframe element, and they can do everything over that window.
But hacker is always knownless to us, so we can hide this script well. Lucky :)
XHR is not a good way to make a notification. WebSocket is much better :)

Excellent post.

I also like the fact that your example is using Omniture. A multitude of sites are vulnerable because of how they've included Omniture.
