| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 11 Aug 2007 15:09:59 -0000 From: laurent.gaffie@...il.com To: bugtraq@...urityfocus.com Subject: Safari for windows remote arbitry file upload Product: Safari browser for windows Tested on: Last version ( 3.0.3 ) Download url :http://www.apple.com/safari/ Demo url: http://images.apple.com/movies/us/apple/safari/2007/wwdc/apple-safari_672x416.mov Bug: Remote arbitry file upload Impact: Critical Fix Available: No ------------------------------------------------------- 1) Introduction 2) Bug 3) Proof of concept 4) Conclusion =============== 1) Introduction =============== "Now you can enjoy worry-free web browsing on any computer. Apple engineers designed Safari to be secure from day one." ====== 2) Bug ====== safari browser doesn't prompt for a download, it just download the file and send it directly on the desktop, which is totally unsecure on a windows operating system. ================== 3)proof of concept ================== http://dams083.free.fr/tmp/index.php ( will upload a .pif directly on your desktop without any prompt ... ) ============= 4) Conclusion ============= Any potentially dangerous file should be prompted(like .exe , .com , .pif , etc ) before uploading the file . regards laurent gaffié
Powered by blists - more mailing lists