[Full-disclosure] Cross-Site Scripting attacks via redirectors in different browsers
- From: "MustLive" <mustlive@xxxxxxxxxxxxxxxxxxx>
- Date: Thu, 17 Sep 2009 21:34:03 +0300
I already sent this letter to Bugtraq on the 6th of September, but they declined
to post it without any explanation - maybe it was due to some political
reasons :-). We'll see how it'll be with your list.

At the end of July I published my article Cross-Site Scripting attacks via
redirectors (http://websecurity.com.ua/3376/). And on the 4th of August I
published the English version of my article (http://websecurity.com.ua/3386/).
In this article I wrote about using redirectors in different browsers to
conduct Cross-Site Scripting attacks.

In the article I wrote about XSS attacks in location-header and
refresh-header redirectors in different browsers: Mozilla 1.7.x, Mozilla
Firefox 3.x, Internet Explorer (IE6), Opera 9.x and Google Chrome 1.x. And
after additional research in August I found that the following browsers are also
vulnerable: Google Chrome 2.x and 3.x, QtWeb, Safari, Opera 10.00 Beta 3,
SeaMonkey, Firefox 3.6 a1 pre, Firefox 3.7 a1 pre, Orca Browser and Maxthon

I wrote about five methods of attack in the article (via location-header and
refresh-header redirectors) - about four of them I already posted in
Bugtraq. In this letter I'll inform you about new browsers vulnerable to
those vulnerabilities which I wrote to Bugtraq about before.

So in my article Cross-Site Scripting attacks via redirectors
(http://websecurity.com.ua/3386/) I wrote about five attack vectors:
Attack #2 - via refresh-header redirector to data: URI
Attack #3 - via location-header redirector to data: URI
Attack #4 - via location-header redirector (which use answer "302 Object
Attack #5 - via location-header redirector (which uses any 301 and 302

After the first release of the article, I found new vulnerable browsers with
the help of Aung Khant from YEHG Team.

The following browsers are also vulnerable:
Mozilla Firefox 3.0.13 - vulnerable to attacks #2,3,4.
Google Chrome 188.8.131.52, 184.108.40.206 and 220.127.116.11 Beta - vulnerable to
QtWeb 3.0 Build 001 and 3.0 Build 003 - vulnerable to attacks #1,2,3.
Safari 4.0.3 - vulnerable to attacks #1,2.
Opera 10.00 Beta 3 Build 1699 - vulnerable to attacks #1,3.
SeaMonkey 1.1.17 - vulnerable to attacks #1,2,4.
Firefox 3.6 a1 pre - vulnerable to attacks #1,2,3,4.
Firefox 3.7 a1 pre - vulnerable to attacks #2,3,4.
Orca Browser 1.2 build 5 - vulnerable to attacks #2,3,4.
Maxthon 3 Alpha (18.104.22.168) with Ultramode (Apple’s WebKit emulation) -
vulnerable to attacks #1,2. And also vulnerable to attacks #3,4,5 as
Strictly social XSS.

Maxthon 3 Alpha is the only browser vulnerable to attack #5 (for now). Attack #5
is similar to attack #4, it just works in all location-header redirectors.

Best wishes & regards,
Administrator of Websecurity web site
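
A server-side mitigation for the location-header and refresh-header redirector vectors described above, as an added example that is not part of the original post: the redirector validates its target before writing it into either header, so a data: URI never reaches the browser. The function names, the allow-listed hosts (example.com) and the fallback path are assumptions made for this sketch.

```python
from urllib.parse import urlsplit

# Assumptions for this example: the only hosts the redirector may send users to,
# and the site-local page used when a target is rejected.
ALLOWED_HOSTS = {"example.com", "www.example.com"}
ALLOWED_SCHEMES = {"http", "https"}
FALLBACK = "/"


def safe_redirect_target(raw):
    """Return raw if it may be placed in a Location/Refresh header, else FALLBACK."""
    # Control characters (CR, LF, TAB, ...) allow header splitting and are
    # ignored by some URL parsers, which can hide the real scheme.
    if not raw or any(ord(c) < 0x20 or ord(c) == 0x7F for c in raw):
        return FALLBACK
    raw = raw.strip()
    if "\\" in raw:  # some browsers treat backslash as a slash in URLs
        return FALLBACK
    try:
        parts = urlsplit(raw)
    except ValueError:
        return FALLBACK
    if not parts.scheme and not parts.netloc:
        # Relative target: accept only a site-local absolute path.
        ok = raw.startswith("/") and not raw.startswith("//")
        return raw if ok else FALLBACK
    # Scheme allow-list: rejects data:, javascript: and anything else that is
    # not plain http(s). urlsplit lower-cases the scheme, so "DATA:" is caught.
    if parts.scheme not in ALLOWED_SCHEMES:
        return FALLBACK
    host = (parts.hostname or "").lower()
    return raw if host in ALLOWED_HOSTS else FALLBACK


def redirect_headers(raw, use_refresh=False):
    """Build (status, headers) for either redirector style with a vetted target."""
    target = safe_redirect_target(raw)
    if use_refresh:
        return 200, [("Refresh", "0; url=" + target)]
    return 302, [("Location", target)]


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the article.
    for t in ["https://example.com/a?b=1", "/account", "data:text/html,hello"]:
        print(t, "->", redirect_headers(t), redirect_headers(t, use_refresh=True))
```

The same check has to run on both code paths, since the post lists browsers that follow data: targets from the Refresh header but not from Location, and the reverse.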