Internet Explorer 8 and NoScript View Source Bugs
Page 1 of 1
Internet Explorer 8 and NoScript View Source Bugs
The first bug is in Internet Explorer 8. Internet Explorer has a typical null byte bug that makes it truncate the new view source function upon reaching a null byte. So if you were to go to a page that had a null byte in the middle of it, the rest of the page wouldn’t pop up. This is not true if you use an external editor or their new nifty Developer Tools functionality, but not many people do either of those. This doesn’t appear to affect any other Internet Explorer version that I looked at.
Next is a bug in NoScript for Firefox. If you enable JavaScript (imagine it’s a site you trust or are forced to enable for various functionality) and POST some data from one page to another and then view source you’ll notice that instead of it sending a POST request it sends a GET request. I have no idea why, but it can be detected and in the case of seeing a GET request on a page that requires a POST the page can modify it’s resultant source code.
Both of these bugs I find to be fairly minor, but it’s just another reason you can’t trust browsers to present you with all the facts of the situation unless you really know what you’re doing. There’s a demo of the code here if you want to test it yourself (again, only works in IE8.0 or in Firefox with NoScript enabled). In either case you must enable JavaScript for it to work. If I don’t post before then and you celebrate it.
Source ha.ckers Blog
Next is a bug in NoScript for Firefox. If you enable JavaScript (imagine it’s a site you trust or are forced to enable for various functionality) and POST some data from one page to another and then view source you’ll notice that instead of it sending a POST request it sends a GET request. I have no idea why, but it can be detected and in the case of seeing a GET request on a page that requires a POST the page can modify it’s resultant source code.
Both of these bugs I find to be fairly minor, but it’s just another reason you can’t trust browsers to present you with all the facts of the situation unless you really know what you’re doing. There’s a demo of the code here if you want to test it yourself (again, only works in IE8.0 or in Firefox with NoScript enabled). In either case you must enable JavaScript for it to work. If I don’t post before then and you celebrate it.
Source ha.ckers Blog
andry- Moderator
- Posts : 467
Join date : 2010-05-07
Similar topics
» Abusing Internet Explorer 8's XSS Filters
» Internet Explorer considered harmful
» Windows XP Internet Explorer 8,7 .HLP vulnerability
» 0day Internet Explorer Exploit Released
» Internet explorer pwned Avant Browser
» Internet Explorer considered harmful
» Windows XP Internet Explorer 8,7 .HLP vulnerability
» 0day Internet Explorer Exploit Released
» Internet explorer pwned Avant Browser
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum
|
|