The Extended HTML Form Attack Revisited

The Extended HTML Form Attack Revisited
BugsAlert Home > The Extended HTML Form Attack Revisited




LinuxSecurity.com: "HTML forms (i.e. ) are one of the features in HTTP that allows users to send data to HTTP servers. An often overlooked feature is that due to the nature of HTTP, the web browser has no way of identifying between an HTTP server and one that is not an HTTP server. Therefore web browsers may send this data to any open port, regardless of whether the open port belongs to an HTTP server or not. Apart from that, many web browsers will simply render any data that is returned from the server. Have you ever heard about the extended HTML form attack? What can web developer do? This article looks into this attack and how attackers can use it. Original Source: http://www.linuxsecurity.com/content/view/138790?rdf Learn more about The Extended HTML Form Attack Revisited


Tags: extended html form attack revisited

Related Items
CuteNews Arbitrary File Download AllVersion
Brief: Washington AG files spyware lawsuits
Debian: New asterisk packages fix denial of service
Mandriva: Subject: [Security Announce] [ MDVSA-2008:176 ] mtr
rPath Linux Security Update Fixes Rsync Security Bypass Vulnerabilities
FrSIRT - Ubuntu Security Update Fixes OpenOffice Code Execution Issues
Fedora 9 Update: postfix-2.5.5-1.fc9