lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070103165648.371186@host90-255-dynamic.54-82-r.retail.telecomitalia.it>
Date: Wed, 03 Jan 2007 19:01:02 +0100
From: ascii <ascii@...amail.com>
To: bugtraq@...urityfocus.com,  full-disclosure@...ts.grok.org.uk, 
	websecurity@...appsec.org
Cc: pdp.gnucitizen@...glemail.com, sven.vetsch@...enchant.ch
Subject: Re: Universal XSS with PDF files: highly dangerous

sven.vetsch@...enchant.ch wrote:
> Sorry about that but that's wrong. All the credits have to go to
> Stefano Di Paola and Giorgio Fedon. They presented that stuff at the
> 23C3 in Berlin.

the original paper is located here

http://events.ccc.de/congress/2006/Fahrplan/events/1602.en.html

probably Stefano and Giorgio will post something on their site
http://www.wisec.it/ (!hey i'm waiting too stefano : D)

the technique exposed is really really neat but was only one of that
has been presented at ccc in that talk (UXSS was used as an attack
vector to inject JS to wrap/tamper xmlhttprequest and if the users
had a proxy on his side http response splitting was used in conjunction
to some keepalive bugs to "tilt" the browser cache to cause cross domain
scripting, all this was autoinjecting)

yeah it needs some conditions (a proxy with keepalive) but this is a
bomb itself : )

from the pdf: Ajax Security, Universal Cross Site Scripting, Code
Injection, Cache Poisoning, Prototype Hijacking, Auto Injecting Cross
Domain Scripting

anyway i expect to see something like an advisory/paper posted somewhere
soon from the wisec staff because it's obvious that the ccc pdf isn't
enough to metabolize all that stuff

regards,
Francesco 'ascii' Ongaro
http://www.ush.it/

ps: flash 8 is fixed : )

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ