[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [WEB SECURITY] JavaScript Malware, port scanning, and beyond

From: "Amit Klein (AKsecurity)" <aksecurity@xxxxxxxxxx>
Subject: Re: [WEB SECURITY] JavaScript Malware, port scanning, and beyond
Date: Thu, 03 Aug 2006 00:36:14 +0200

On 2 Aug 2006 at 10:37, Achim Hoffmann wrote:

> 
> with XMLHttpRequest's open you either can pass username and password as
> part of the URL (user:pass@http:/....), or use open() with username and
> password parameter. In both cases XMLHttpRequest inserts the Authorization
> header in the final request.
> If the credentials are wrong, the server responds with 401, usually, then
> you get the browser's popup window.
> 
> Amit, do you say that Flash shows the popup window itself?
>

Yes, at least with Flash 8 and IE 6.0.

-Amit

----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

References:
- RE: [WEB SECURITY] JavaScript Malware, port scanning, and beyond
  - From: Amit Klein (AKsecurity)
- Re: [WEB SECURITY] JavaScript Malware, port scanning, and beyond
  - From: Achim Hoffmann

Prev by Date: [WEB SECURITY] XSS at Netcraft.com
Next by Date: Re: [WEB SECURITY] JavaScript Malware, port scanning, and beyond
Previous by thread: Re: [WEB SECURITY] JavaScript Malware, port scanning, and beyond
Next by thread: Re: [WEB SECURITY] JavaScript Malware, port scanning, and beyond
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site