Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection
Page 1 of 1
Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection
If you don’t remember, there was an important XSS vulnerability reported in all major browsers a while ago - IE7, Firefox and Opera. More Information is available in the Secunia advisories here. The vulnerability was that if you don’t specify a charset in your application page, then it is susceptible to inherit the charset in the parent page via iframes. So, if you accidently land on an evil site, an attacker might be able to steal your application session since your usual XSS prevention stuff [<,>,",',etc] will not filter the utf-7 encoded chars and XSS will execute in your vulnerable domain. Proof of Concept that works in IE7 but not in IE8 -
http://www.securethoughts.com/security/ie8utf7/ie7utf-7.html
This vulnerability was patched in Firefox 2.0.0.2, Opera 9.20 and recently in Internet Explorer 8. Ideally, we should not be vulnerable to this attack anymore. However, I have found a way to attack the fix that was done in Internet Explorer 8. I have tested it working with IE8 RC1 and final release version IE8.0.6001.18702. I call this a “Local Redirection Attack”.
The attack works as follows:
http://www.securethoughts.com/security/ie8utf7/ie7utf-7.html
This vulnerability was patched in Firefox 2.0.0.2, Opera 9.20 and recently in Internet Explorer 8. Ideally, we should not be vulnerable to this attack anymore. However, I have found a way to attack the fix that was done in Internet Explorer 8. I have tested it working with IE8 RC1 and final release version IE8.0.6001.18702. I call this a “Local Redirection Attack”.
The attack works as follows:
andry- Moderator
- Posts : 467
Join date : 2010-05-07
Similar topics
» Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection
» Exploiting a cross-site scripting vulnerability on Facebook
» FreeBSD <= 6.1 Local Root Vulnerability
» FreeBSD 7.2 local root vulnerability (0day) demo
» Exploiting DNSbased Trust Relationships On The Web
» Exploiting a cross-site scripting vulnerability on Facebook
» FreeBSD <= 6.1 Local Root Vulnerability
» FreeBSD 7.2 local root vulnerability (0day) demo
» Exploiting DNSbased Trust Relationships On The Web
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum