BugTraq
Universal XSS with PDF files: highly dangerous Jan 03 2007 02:20AM
pdp (architect) (pdp gnucitizen googlemail com) (5 replies)
Re: Universal XSS with PDF files: highly dangerous Jan 08 2007 07:27PM
The Anarcat (anarcat anarcat ath cx)
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Jan 04 2007 10:00AM
HASEGAWA Yosuke (yosuke hasegawa gmail com)
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Jan 03 2007 09:54PM
Jean-Jacques Halans (halans gmail com) (2 replies)
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Jan 04 2007 12:44AM
Jim Manico (jim manico net) (1 replies)
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Jan 04 2007 01:08AM
RSnake (rsnake shocking com)
RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Jan 03 2007 11:22PM
Larry Seltzer (Larry larryseltzer com)
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Jan 03 2007 08:37AM
sven vetsch disenchant ch (2 replies)
Re: Universal XSS with PDF files: highly dangerous Jan 03 2007 06:01PM
ascii (ascii katamail com)
sven.vetsch (at) disenchant (dot) ch [email concealed] wrote:
> Sorry about that but that's wrong. All the credits have to go to
> Stefano Di Paola and Giorgio Fedon. They presented that stuff at the
> 23C3 in Berlin.

the original paper is located here

http://events.ccc.de/congress/2006/Fahrplan/events/1602.en.html

probably Stefano and Giorgio will post something on their site
http://www.wisec.it/ (!hey i'm waiting too stefano : D)

the technique exposed is really really neat but was only one of that
has been presented at ccc in that talk (UXSS was used as an attack
vector to inject JS to wrap/tamper xmlhttprequest and if the users
had a proxy on his side http response splitting was used in conjunction
to some keepalive bugs to "tilt" the browser cache to cause cross domain
scripting, all this was autoinjecting)

yeah it needs some conditions (a proxy with keepalive) but this is a
bomb itself : )

from the pdf: Ajax Security, Universal Cross Site Scripting, Code
Injection, Cache Poisoning, Prototype Hijacking, Auto Injecting Cross
Domain Scripting

anyway i expect to see something like an advisory/paper posted somewhere
soon from the wisec staff because it's obvious that the ccc pdf isn't
enough to metabolize all that stuff

regards,
Francesco 'ascii' Ongaro
http://www.ush.it/

ps: flash 8 is fixed : )

[ reply ]
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Jan 03 2007 10:27AM
pdp (architect) (pdp gnucitizen googlemail com)
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Jan 03 2007 05:17AM
Amit Klein (aksecurity gmail com) (1 replies)
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Jan 03 2007 06:15PM
Amit Klein (aksecurity gmail com) (1 replies)
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous Jan 03 2007 10:03PM
pdp (architect) (pdp gnucitizen googlemail com)


 

Privacy Statement
Copyright 2010, SecurityFocus