Message-Id: <201202270850.q1R8oa42014440@sf01web3.securityfocus.com>
Date: Mon, 27 Feb 2012 08:50:36 GMT
From: mkey@...email.hu
To: bugtraq@...urityfocus.com
Subject: FrameJammer DOM based XSS
Software: FrameJammer
Author: Hal Pawluk
Software Description: FrameJammer is a little piece of JavaScript code which prevents opening framed pages outside their frameset. FrameJammer used to be distributed as a Macromedia Dreamweaver extension; nowadays web developers are spreading it by copy-paste.
Problem:
FrameJammer does not validate user input (window.location) and therefore it contains a DOM-based XSS vulnerability.
PoC:
http://<url>?javascript:alert(123)~<frame-name>
I did not contact the author. His website is down and I am not in possession of his contact information.
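As an added illustration of the fix (not FrameJammer's own code, and not part of the original post): a frameset-side loader that parses the same "?page~frame-name" query layout the PoC above relies on, but only accepts a relative same-site page and a frame name from an allow-list, so a javascript: URL never reaches a frame's location. The "?page~frame-name" layout and the frame names are assumptions.

```javascript
// Frame names the frameset really contains (constructed sample allow-list).
const KNOWN_FRAMES = ['main', 'nav'];

// Parses a query string of the assumed form "?<page>~<frame-name>".
// Returns { page, frame } only when both parts are safe, otherwise null.
function parseFrameTarget(search, knownFrames) {
  if (typeof search !== 'string' || !search.startsWith('?')) return null;
  const body = search.slice(1);
  const sep = body.lastIndexOf('~');
  if (sep < 0) return null;

  let page;
  try {
    page = decodeURIComponent(body.slice(0, sep));
  } catch (e) {
    return null; // malformed percent-encoding
  }
  const frame = body.slice(sep + 1);

  // Frame name: conservative character set plus a strict allow-list.
  if (!/^[A-Za-z0-9_-]+$/.test(frame) || !knownFrames.includes(frame)) return null;

  // Page: relative path within the site only. The character set has no ':',
  // so "javascript:", "data:" and absolute "http:" URLs are all refused;
  // leading "/", "//" and ".." are refused as well.
  if (!/^[A-Za-z0-9_\-./]+$/.test(page)) return null;
  if (page.startsWith('/') || page.includes('..') || page.includes('//')) return null;

  return { page, frame };
}

// Browser wiring for the frameset document (skipped outside a browser):
// load the validated page into the named frame instead of assigning the raw
// query string to a frame's location.
if (typeof window !== 'undefined') {
  const target = parseFrameTarget(window.location.search, KNOWN_FRAMES);
  if (target && window.frames[target.frame]) {
    window.frames[target.frame].location.replace(target.page);
  }
}
```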