[WEB SECURITY] Re: Cross-Site Scripting attacks via redirectors

MustLive mustlive at websecurity.com.ua
Sun Aug 23 16:40:01 EDT 2009


Hello participants of Mailing List.

Here is new information for my article Cross-Site Scripting attacks via
redirectors (http://websecurity.com.ua/3386/) about different vulnerable
browsers.

In my article I wrote about four attack vectors:

Attack #1 -  via refresh-header redirector to javascript: URI.

Attack #2 -  via refresh-header redirector to data: URI.

Attack #3 -  via location-header redirector to data: URI.

Attack #4 -  via location-header redirector (which use answer "302 Object
moved") to javascript: URI.

As I wrote first, there were vulnerable the next browsers (for some of this
four attacks): Mozilla 1.7.x, Mozilla Firefox 3.0.8, Mozilla Firefox 3.0.12,
Internet Explorer 6, Opera 9.52 and Google Chrome 1.0.154.48.

Later I found new vulnerable browsers. As I checked, Mozilla Firefox 3.0.13
is also vulnerable to attacks #2,3,4.

As I found with help of Aung Khant from YEHG Team, the next browsers are
also vulnerable:

Firefox 3.6 a1 pre - vulnerable to attack #4.

Google Chrome 2.0.172.28 and 3.0.193.2 Beta - vulnerable to attacks #1,2.

QtWeb 3.0 Build 001 and 3.0 Build 003 - vulnerable to attacks #1,2,3.

Safari 4.0.3 - vulnerable to attacks #1,2.

Opera 10.00 Beta 3 Build 1699 - vulnerable to attacks #1,3.

SeaMonkey 1.1.17 - vulnerable to attacks #1,2,4.

Orca Browser 1.2 build 5 - vulnerable to attack #4.

So there are a lot of browsers which are vulnerable to JavaScript code 
execution via redirectors.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

----- Original Message ----- 
From: MustLive
To: <websecurity at webappsec.org>
Sent: Tuesday, August 04, 2009 11:31 PM
Subject: Cross-Site Scripting attacks via redirectors


> Hello participants of Mailing List.
>
> At the end of July I published my article Cross-Site Scripting attacks via
> redirectors (http://websecurity.com.ua/3376/). And today I published
> English version of my article (http://websecurity.com.ua/3386/).
>
> In this article I wrote about using of redirectors in different browsers
> for conducting of Cross-Site Scripting attacks.


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA



More information about the websecurity mailing list