"jQuery Migrate" is a Sink, too?!
or How "jQuery Migrate" un-fixes a nasty DOMXSS without telling us.. Foreword Today Mario Heiderich of Cure53 tweeted the following message: "@0x6D6172696F Does anyone know why jquery.com has a special jQuery 1.9.1 version that is still vulnerable to $(location.hash)?" What happened after that message might be considered to be the discovery of a rather interesting bug - which Mario and me will try
The DOMinator Project
Update : DOMinator goes Pro and is now available at the following here Finally DOMinator is public! What is DOMinator? DOMinator is a Firefox based software for analysis and identification of DOM Based Cross Site Scripting issues (DOMXss). It is the first runtime tool which can help security testers to identify DOMXss. How it works? It uses dynamic runtime tainting model on strings and can trace b
1
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
処理を実行中です
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
