lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070112033415.29232.qmail@securityfocus.com>
Date: 12 Jan 2007 03:34:15 -0000
From: bugtraq@...hag.de
To: bugtraq@...urityfocus.com
Subject: Re (3): Circumventing CSFR Form Token Defense

Sorry, this was worded in a very bad way, as my whole reply:

When writing my first message i wanted to express I could not test this with IE: I simply thought IE would not offer the possibility to render pages in objects. This is obviously wrong, although there seems to be a bug in IE (try it yourself: http://phihag.de/security/ie_iterate_freeze/ ) causing my experiments to fail. Upon rewriting the text too late (like now ;) ) "tested with" became  the final, totally senseless version I posted. I just tested it, it seems there is entirely no way to even address an object's contents if it is in the same domain (at least when it's embedded as the standard says). 

Just a little thought: Is there any possibility to fire up a text-reading ActiveX-Control (IE itself, some XML parsing modules?) in an object and read the content from outside?

(BTW: This would be primarily an UXSS but not a CSFR attack, as the whole scenario I described in the first message)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ