[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAJ5ndoyryWmLeftE2QD53ueT=2ZygzeDytebfyHGsi-a21UJXg@mail.gmail.com>
Date: Tue, 14 Apr 2015 21:34:54 +0900
From: Takeshi Terada <mbsdtest01@...il.com>
To: bugtraq@...urityfocus.com, fulldisclosure@...lists.org
Subject: [FD] whitepaper: Identifier based XSSI attacks
Hello list members,
We released a new technical whitepaper titled:
"Identifier based XSSI attacks"
CVE numbers:
CVE-2014-6345, CVE-2014-7939
URL:
http://www.mbsd.jp/Whitepaper/xssi.pdf
Introduction:
-------------------------------
Cross Site Script Inclusion (XSSI) is an attack technique (or a
vulnerability) that enables attackers to steal data of certain types
across origin boundaries, by including target data using SCRIPT tag in
an attacker's Web page as below:
<!-- attacker's page loads external data with SCRIPT tag -->
<SCRIPT src="http://target.example.jp/secret"></SCRIPT>
For years, XSSI has been known among Web security researchers that
JavaScript file, JSONP and, in certain old browsers, JSON data are
subject to this type of information theft attacks. In addition, some
browser vulnerabilities, that allow attackers to gain information via
JavaScript error messages, have been discovered and fixed in the past.
In 2014, we conducted research on this old topic and discovered some
new attack techniques and browser vulnerabilities that allow attackers
to steal simple text strings such as CSV, and more complex data under
certain circumstances. In the research, we mainly focused on a method
of stealing data as a client side script's identifier (variable or
function name).
In this paper, we first describe these attack techniques / browser
vulnerabilities in the next section and then discuss countermeasures
for these issues.
-------------------------------
Other white papers released last year are available here:
http://www.mbsd.jp/insight.html
- Attacking Android browsers via intent scheme URLs
http://www.mbsd.jp/Whitepaper/IntentScheme.pdf
- FilterExpression Injection attacks against ASP.NET applications
http://www.mbsd.jp/Whitepaper/FilterExpression.pdf
--
Takeshi Terada @ Mitsui Bussan Secure Directions, Inc.
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists