Comments on: Window name trick

By: Gareth Heyes

Gareth Heyes — Wed, 29 Oct 2008 23:02:07 +0000

name is a string like any other variable string but is passed between windows. So if you assign something to name in one site or window and then move to another site you can still get the contents of name.

By: bender

bender — Wed, 29 Oct 2008 22:15:03 +0000

i dont see how javascript is executed using the javascript can be executed in window.name..can you explain please?

By: Gareth Heyes

Gareth Heyes — Fri, 07 Sep 2007 23:54:27 +0000

The PHPIDS has since fixed the problem, I haven’t tested the window.name exploit but I’m sure it works.

By: Gareth Heyes

Gareth Heyes — Fri, 07 Sep 2007 23:52:47 +0000

Mario nice! Good tool!

By: .mario

.mario — Fri, 07 Sep 2007 22:18:43 +0000

I’ve recently updated the PHP Charset Encoder with some new candy - including an easy ‘name’ tool. It’s not as powerful as Giorgio’s hackademix redirector but might be quite useful in combination with the other features. Use responsible

http://h4k.in/encoding/

By: raaka

raaka — Fri, 07 Sep 2007 17:30:45 +0000

hi Gareth
window.name=”javascript:alert((window.opener||window).document.cookie);”;
is this working on IE7 ?
my browserint responding..

By: Gareth Heyes

Gareth Heyes — Fri, 07 Sep 2007 10:38:26 +0000

Regards to the spam protection, I have recently updated my plugin so you should now be able to post in IE7, sorry about that.

By: Gareth Heyes

Gareth Heyes — Fri, 07 Sep 2007 00:28:27 +0000

My mistake I thought Giorgio Maone because he was mentioned as the inventor on Sirdarckcat’s blog.

I don’t really care how old it is though, I didn’t know about it and I’m sure a few others didn’t either. You shouldn’t be able to inject javascript on one site and read it from another, so regardless if it is being used anywhere to maintain state it should be fixed.

Sorry to hear about the spam issue, please could you give me more details on your configuration so I can look into it. Thanks.

By: digi7al64

digi7al64 — Fri, 07 Sep 2007 00:20:07 +0000

… this is old, really old. Also you would suprised at the number of places that use it to maintain browser state on cookieless connections.

Also Giorgio Maone certainly didn’t invent it.

http://www.criticalsecurity.net/lofiversion/index.php/t5089.html (read second post from the bottom [I was testing it as an attack storage space back in 2005])

http://www.securitytracker.com/alerts/2005/May/1013914.html [back in 2005 - used as a operator to determine if hack should occur])

[-BTW: IF THIS POST APPEARS PLEASE FIX YOUR ANTI SPAM STUFF - IT WON'T LET ME POST WITH IE7... WITH JAVASCRIPT TURNED ON -]

By: Gareth Heyes

Gareth Heyes — Thu, 06 Sep 2007 14:13:46 +0000

Hi raaka

Which item are you referring to? window.name or URL=name?