For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

A Billion More Laughs: The JavaScript hack that acts like an XML attack

Don is off in Lowell working on a project with our ARX folks so I was working late last night (finishing my daily read of the Internet) and ended up reading Scott Hanselman's discussion of threads ve...
Published Sep 11, 2008
Version 1.0
ajax
application
applications
arx
ASM Advanced WAF
chrome
dev
exploits
http
ie8
Lori_MacVittie's avatar
Lori_MacVittie
Icon for Employee rankEmployee
Sep 12, 2008
@7rans

 

 

That's a great point. I was actually thinking about that late yesterday. If you control the parsing, you control the stack, so you control how many iterations of the same piece of code is executed. Doesn't seem like rocket science at all.

 

 

I say that blithely because *I* don't have to implement it. ;-) I seem to recall that writing compilers was ... interesting if not a bit frustrating.