lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: 11 Aug 2007 15:09:59 -0000
From: laurent.gaffie@...il.com
To: bugtraq@...urityfocus.com
Subject: Safari for windows remote arbitry file upload

Product: Safari browser for windows
Tested on: Last version ( 3.0.3 )
Download url :http://www.apple.com/safari/
Demo url: http://images.apple.com/movies/us/apple/safari/2007/wwdc/apple-safari_672x416.mov
Bug: Remote arbitry file upload
Impact: Critical
Fix Available: No

-------------------------------------------------------

1) Introduction
2) Bug
3) Proof of concept
4) Conclusion

===============
1) Introduction
===============

"Now you can enjoy worry-free web browsing on any computer.
Apple engineers designed Safari to be secure from day one."

======
2) Bug
======
safari browser doesn't prompt for a download, it just download the file and send it directly 
on the desktop, which is totally unsecure on a windows operating system.


==================
3)proof of concept
==================
http://dams083.free.fr/tmp/index.php
( will upload a .pif directly on your desktop without any prompt ... )



=============
4) Conclusion
=============
Any potentially dangerous file should be prompted(like .exe , .com , .pif , etc ) 
before uploading the file .

regards laurent gaffié

Powered by blists - more mailing lists