Коментарі для запису: MOSEB-15: Vulnerabilities at images.google.com http://websecurity.com.ua/1049/ Fri, 12 Mar 2010 00:43:55 +0000 http://wordpress.org/?v=MustLive Edition від: MustLive http://websecurity.com.ua/1049/#comment-47365 Thu, 28 Jun 2007 18:55:14 +0000 http://websecurity.com.ua/1049/#comment-47365 Alex, in this case Same Origin Policy (SOP) prevent access to sibling documents (and attacker can't get cookies). So RXI is less dangerous than other types of XSS, but don't forget about SOP bypassing methods ;) (in particular using bugs in browser to bypass SOP). And there are many others attacks vectors, than cookies stealing. Like XSS for remote controlling, redirecting (as I show in the post) for phishing and others attacks, and especially code execution as I said before. By code execution I mean that bad guys can execute malicious code in user's browser (while hiding behind other site) - it can be used for malware, spyware, viruses, trojans and exploits execution. So number of attacks is limited for RHI/RXI, but still wide. Therefore this type of vulns are dangerous and web developers need to be aware of it. Alex, in this case Same Origin Policy (SOP) prevent access to sibling documents (and attacker can’t get cookies). So RXI is less dangerous than other types of XSS, but don’t forget about SOP bypassing methods ;) (in particular using bugs in browser to bypass SOP).

And there are many others attacks vectors, than cookies stealing. Like XSS for remote controlling, redirecting (as I show in the post) for phishing and others attacks, and especially code execution as I said before. By code execution I mean that bad guys can execute malicious code in user’s browser (while hiding behind other site) - it can be used for malware, spyware, viruses, trojans and exploits execution.

So number of attacks is limited for RHI/RXI, but still wide. Therefore this type of vulns are dangerous and web developers need to be aware of it.

]]> від: Alex http://websecurity.com.ua/1049/#comment-39176 Sun, 17 Jun 2007 07:09:09 +0000 http://websecurity.com.ua/1049/#comment-39176 Malicious code doesn't have access to sibling documents in the frameset because of Single Origin Policy, nor to cookies. That limits the number of attacks which are possible with such XSS. Malicious code doesn’t have access to sibling documents in the frameset because of Single Origin Policy, nor to cookies. That limits the number of attacks which are possible with such XSS.

]]> від: MustLive http://websecurity.com.ua/1049/#comment-39163 Sat, 16 Jun 2007 23:20:21 +0000 http://websecurity.com.ua/1049/#comment-39163 Yes, Alex, Remote HTML Include (RHI) is perfect phishing tool :-). Using a frame in a frameset of other site (for malicious purposes) is hole by design. But in case of malicious purposes this become a real security hole. It is Abuse of Functionality by WASC classification (for RHI), or it is Abuse of Functionality + XSS (for RXI). In case of Remote XSS Include (RXI) it is possible to execute malicious code in browser when user is at another site (so attack is hidden). Two mentioned redirectors are just for an example, that bad guys can redirect visitors. But others attacks are possible, so on the whole it is code execution vulnerability. Yes, Alex, Remote HTML Include (RHI) is perfect phishing tool :-) . Using a frame in a frameset of other site (for malicious purposes) is hole by design. But in case of malicious purposes this become a real security hole. It is Abuse of Functionality by WASC classification (for RHI), or it is Abuse of Functionality + XSS (for RXI).

In case of Remote XSS Include (RXI) it is possible to execute malicious code in browser when user is at another site (so attack is hidden). Two mentioned redirectors are just for an example, that bad guys can redirect visitors. But others attacks are possible, so on the whole it is code execution vulnerability.

]]> від: Alex http://websecurity.com.ua/1049/#comment-37747 Fri, 15 Jun 2007 23:04:13 +0000 http://websecurity.com.ua/1049/#comment-37747 This Remote HTML Include just hijacks a frame in a foreign frameset, doesn't it? Perfect phishing tool. And a funny one, because it's not a bug, it's by design. Good catch! This Remote HTML Include just hijacks a frame in a foreign frameset, doesn’t it? Perfect phishing tool. And a funny one, because it’s not a bug, it’s by design. Good catch!

]]>