
Files

Oracle JRE SOP Bypass
Posted Oct 20, 2010
Authored by Roberto Suggi Liverani | Site security-assessment.com

Security-Assessment.com discovered that a Java applet using the java.net.URLConnection class can be used to bypass the same-origin policy (SOP) and domain-based security controls in modern browsers when communication occurs between two domains that resolve to the same IP address. This advisory includes a proof-of-concept (PoC) demo and Java applet source code, which demonstrate how the vulnerability can be exploited to leak cookie information to an unauthorised domain residing on the same host IP address.

tags | exploit, java
advisories | CVE-2010-3573
SHA-256 | 4dcd25f8fbcc43667adcc8e79c63a682a5cf651dd1ff009fd78b5a68c1584959
© 2022 Packet Storm. All rights reserved.
