<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" media="screen" href="/~d/styles/rss2full.xsl"?><?xml-stylesheet type="text/css" media="screen" href="http://feeds.feedburner.com/~d/styles/itemcontent.css"?><rss xmlns:feedburner="http://rssnamespace.org/feedburner/ext/1.0" version="2.0">
<channel>

<atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="self" href="http://feeds.feedburner.com/Own-thenet-WebApplicationSecurityAndSeo" type="application/rss+xml" /><item><title>Use any free PHP hosting as an ultra-fast HTTP proxy</title><description>If you're not a US resident, you know how annoying the Internet can be sometimes. All those "US only" sites really manage to get under my skin. Especially when it's the really good ones that block access, like Pandora or Hulu, for example.

T ...</description><link>http://feedproxy.google.com/~r/Own-thenet-WebApplicationSecurityAndSeo/~3/Zf0dOnM3n6A/news_Use-any-free-PHP-hosting-as-an-ultra-fast-HTTP-proxy_24.html</link><feedburner:origLink>http://own-the.net/news_Use-any-free-PHP-hosting-as-an-ultra-fast-HTTP-proxy_24.html</feedburner:origLink></item><item><title>Problems with DNS rebinding demo</title><description>It's my fault this thing won't work on IE as planned.
 
Apparently, IE doesn't allow "third party cookies" by default. For instance, cookies that are set by an image that is hosted on another domain.

So if I put the following c ...</description><link>http://feedproxy.google.com/~r/Own-thenet-WebApplicationSecurityAndSeo/~3/ObAIfZuLaEs/news_Problems-with-DNS-rebinding-demo_23.html</link><feedburner:origLink>http://own-the.net/news_Problems-with-DNS-rebinding-demo_23.html</feedburner:origLink></item><item><title>DNS Rebinding PoC</title><description>It took me longer than I expected, but I finally made it work.

In short, this proof of concept uses the browser cache along with DNS Rebinding in order to circumvent the Same Origin Policy of the XMLHttpRequest object. After a successful exe ...</description><link>http://feedproxy.google.com/~r/Own-thenet-WebApplicationSecurityAndSeo/~3/4lOZ6FH4pUw/news_DNS-Rebinding-PoC_22.html</link><feedburner:origLink>http://own-the.net/news_DNS-Rebinding-PoC_22.html</feedburner:origLink></item><item><title>DNS Rebinding (or what's left of it)</title><description>DNS rebinding has been a widely known issue since 1996. 12 years later, the attack is still alive.

I've spent quite some time researching what's still left of the attack, and did find out that most known vectors were patched or mitigated by  ...</description><link>http://feedproxy.google.com/~r/Own-thenet-WebApplicationSecurityAndSeo/~3/Qtg0nP20Gq4/news_DNS-Rebinding-or-what039s-left-of-it_21.html</link><feedburner:origLink>http://own-the.net/news_DNS-Rebinding-or-what039s-left-of-it_21.html</feedburner:origLink></item><item><title>Digg.com transparent iframe CSRF PoC</title><description>As I promised here yesterday, here is your working PoC:

A page that diggs itself
Or a ...</description><link>http://feedproxy.google.com/~r/Own-thenet-WebApplicationSecurityAndSeo/~3/7vZ1qTADa70/news_Diggcom-transparent-iframe-CSRF-PoC_20.html</link><feedburner:origLink>http://own-the.net/news_Diggcom-transparent-iframe-CSRF-PoC_20.html</feedburner:origLink></item><title>Own-the.net - Web application security and SEO</title>
<description>A blog about findings in web application security, search engine optimization and everything in between.</description>
<link>http://own-the.net</link>
</channel>
</rss>
