Bonus Safari XXE (only affecting Safari 4 Beta)
Page 1 of 1
Bonus Safari XXE (only affecting Safari 4 Beta)
Here's another XXE bug for you (resulting in file theft), just to make the point that this class of bugs is well worth watching out for in client-side applications (such as a browser :)
http://scary.beasts.org/security/CESA-2009-007.html
The good news here is that this WebKit regression was quickly fixed by Apple -- and in time for the Safari 4 final release -- so no production browser should ever have been affected. Just the Safari 4 Beta.
Full credit here to Carlos Pizano who noticed the WebKit regression due to a collision with the Chrome sandbox. I just put together the Safari test case / demo:
https://cevans-app.appspot.com/static/safari4filetheft.xml
http://scary.beasts.org/security/CESA-2009-007.html
The good news here is that this WebKit regression was quickly fixed by Apple -- and in time for the Safari 4 final release -- so no production browser should ever have been affected. Just the Safari 4 Beta.
Full credit here to Carlos Pizano who noticed the WebKit regression due to a collision with the Chrome sandbox. I just put together the Safari test case / demo:
https://cevans-app.appspot.com/static/safari4filetheft.xml
andry- Moderator
- Posts : 467
Join date : 2010-05-07
Similar topics
» Key factors affecting to web design
» x5s - Automated XSS testing assistant Updated to v1.0.1 beta
» Secmic 4 Beta 2
» Hacking-Lab LiveCD v2:0 Beta
» IE8 beta RC1 res://ieframe.dll/acr_error.htm Spoff
» x5s - Automated XSS testing assistant Updated to v1.0.1 beta
» Secmic 4 Beta 2
» Hacking-Lab LiveCD v2:0 Beta
» IE8 beta RC1 res://ieframe.dll/acr_error.htm Spoff
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum
|
|