One is about a problem where many programmers have not given no attention. It engloba a bigger number of attacks beyond scripts; one is about one used technique for many types of attacks that try to explore the confidence between an user and a site. The problem appears when a long ago trustworthy site incorporates in itself proper dynamic data supplied by its users without verifying these inputs full. Badly-intentioned users can explore this problem supplying given to the site who finish presenting shown unexpected collateral effect when being. These effect normally involve the sending of data when cracker by means of one another less safe site, even so they can (in rare cases) use the site in itself to transmit the information. That is, through a code in the malicious HTML or XML, aggressor it can use tags that they can bring a serious comprometimento of the system. An aggressor can make a victim to send its data for the program. Then the program has that to be apt to protecting the victim of it. Much thing is for still happening... Without more, André Luiz Rodrigues Ferreira Carol - Depto. de Informática - Orlandia-SP-Brasil alrferreiraat_private - http://freecode.linuxsecurity.com.br Leia: http://www.linuxsecurity.com.br/sections.php?op=listarticles&secid=10 Sem mais,
This archive was generated by hypermail 2b30 : Fri Mar 08 2002 - 13:06:35 PST