Home
Latest images
Search
Register
Log inCross Site URL Hijacking by using Error Object in Mozilla Firefox.
Page 1 of 1
Cross Site URL Hijacking by using Error Object in Mozilla Firefox.
andry Fri Dec 10, 2010 4:19 am
Introduction:
In this paper, I want to represent a method for performing Cross Site URL Hijacking (which we can call XSUH) by using the error object of Mozilla Firefox. XSUH attack is used to steal another website URL. This URL can show the client’s situation on that website, and it can contain confidential parameters such as session ID as well. There is another useful article with a similar purpose but with a different approach which is “XSHM” article of CHECKMARX1, and reading this article is highly recommended to you as well.
As you might know, scripts error handling in Mozilla Firefox is quite useful for the developers as it can show the exact source of an error with some useful information. Now, this functionality can be misused to divulge the destination URL after the redirections (XSUH attack) which can lead to condition leakage or stealing some important parameters from the URL.
Download PDF
In this paper, I want to represent a method for performing Cross Site URL Hijacking (which we can call XSUH) by using the error object of Mozilla Firefox. XSUH attack is used to steal another website URL. This URL can show the client’s situation on that website, and it can contain confidential parameters such as session ID as well. There is another useful article with a similar purpose but with a different approach which is “XSHM” article of CHECKMARX1, and reading this article is highly recommended to you as well.
As you might know, scripts error handling in Mozilla Firefox is quite useful for the developers as it can show the exact source of an error with some useful information. Now, this functionality can be misused to divulge the destination URL after the redirections (XSUH attack) which can lead to condition leakage or stealing some important parameters from the URL.
Download PDF
andry- Moderator
- Posts : 467
Join date : 2010-05-07
Similar topics» Cross Site Scripting (XSS) at User-Agent
» Firesheep - Firefox HTTP session hijacking extension
» Cross Context Scripting with Firefox
» Firefox fixes CSS-based cross-origin theft issue
» Webmatic 3.0.3 Multiple cross.site scripting
» Firesheep - Firefox HTTP session hijacking extension
» Cross Context Scripting with Firefox
» Firefox fixes CSS-based cross-origin theft issue
» Webmatic 3.0.3 Multiple cross.site scripting
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum|
|
|