lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sat, 14 Mar 2009 23:07:08 +1030
From: Malformation 0000000 <malformation@...mail.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: JS-Fun with HTML deprecated tags





Sup FD peoples,

This has probably already been discussed before, but I'm still at a loss as to why PRE, listING and COMMENT allow scripts to be run. I know that PRE has been specifically stated that it will not block all tags, but since listING and COMMENT are now deprecated, why are browsers still allowing Javascript to be run from within them? Doesn't this pose a security vulnerability? I mean, the whole point to the COMMENT tag, is pretty self-explanatory in its name. I'm pretty sure I could google around for a few sites that block javascript being used, but throw them into a listING tag or a COMMENT tag and they'd probably run. Apologies if this has already been discussed...

-Malformation

Proof of concept:

<html>
<body>
<pre>
PRE
<script>alert("vuln!");</script>
</pre>

<listING>
LISTING
<script>alert("vuln!");</script>
</listING>

<XMP>
XMP
<script>alert("vuln!");</script>
</XMP>

<COMMENT>
COMMENT
<script>alert("vuln!");</script>
</COMMENT>

<PLAINTEXT>
PLAINTEXT
<script>alert("vuln!");</script>
</PLAINTEXT>

<code>
CODE
<script>alert("vuln!");</script>
</code>

</body>
</html>
_________________________________________________________________
Find out what’s new with your friends Download the new Windows Live Messenger
http://download.live.com/
Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ