Blog:tech
This is a simple tech blog. I am mostly interested in application security, web, technologies... but every time I can, I try to play with some other field I like, such as data-mining, graph theory, compilers, languages, etc.
It's been such a long time since I last posted here. I've been quite busy with the new job at Cigital and everything it implies.
Anyway, this morning, a colleague of mine showed me a piece of JavaScript he used to create a request to another website (actually, this was just to do in JavaScript what I had previously done in Python). This totally bugged me. He was able to craft a request (using XHR) from a local file to a distant website... WTF with SOP? After some tests, it seems it only works with IE7, but well, I didn't test with many browsers, only with Firefox 3, Chrome, and IE7.
So, I have no idea whether this has been known for a long time or not, but well, I haven't seen this before.
A simple POC is available here: xhr_SOP_ie7.html