When tolerance causes weakness: the case of injection-friendly browsers

  title={When tolerance causes weakness: the case of injection-friendly browsers},
  author={Yossi Gilad and Amir Herzberg},
We present a practical off-path TCP-injection attack for connections between current, non-buggy browsers and web-servers. The attack allows web-cache poisoning with malicious objects; these objects can be cached for long time period, exposing any user of that cache to XSS, CSRF and phishing attacks. In contrast to previous TCP-injection attacks, we assume neither vulnerabilities such as client-malware nor predictable choice of client port or IP-ID. We only exploit subtle details of HTTP and… CONTINUE READING


Publications citing this paper.


Publications referenced by this paper.
Showing 1-10 of 10 references

Same Origin Policy for JavaScript

  • J. Ruderman
  • https://developer.mozilla.org/En/Same_origin_…
  • 2001
Highly Influential
6 Excerpts