I have done some test on the new vulnerability of most common browsers. I tried to get more information on how to fix this. First I tried to get the URL of the popup window, but the problem is that you get your URL, not the URL of the hijacked displayed page, you cannot check if the current page is your page. Also, the HTML code (window.document.body.outerHTML) is the HTML code of your page.
Posted by Michael Schwarz on Thursday, December 9, 2004
Secunia Research has reported a vulnerability, which affects most browsers. The vulnerability can be exploited by a malicious web site to "hi-jack" a named browser window, regardless of which web site is the true "owner" of the window.
Posted by Michael Schwarz on Thursday, December 9, 2004
The last days I had to build a web application with a lot of stored procedures to a SQL Server database. Because I had to change parameters very often I decided to write a simple wrappr for these stored procedures.
Posted by Michael Schwarz on Wednesday, December 8, 2004