Full Disclosure mailing list archives
Re: Cross-Site Scripting vulnerability in Mozilla Firefox, Opera and other browsers
From: Pavel Kankovsky <peak () argo troja mff cuni cz>
Date: Mon, 9 Aug 2010 22:02:00 +0200 (CEST)
On Sun, 8 Aug 2010, MustLive wrote:
Also in all versions of Mozilla and Mozilla Firefox it's possible to use another variant of Strictly social XSS - with using of -moz-binding (for Firefox < 3.0 or for Firefox => 3.0 with xml-file on the same site) or with using of onMouseOver: http://site/script.php?param=a:%22%20onMouseOver=%22alert(document.cookie) At moving of the cursor on the link here the code will execute in context of this site.
[...]
This attack is possible only if redirector (with "302 Found" or "302 Object moved" answer) outputs double quote in Location header in plain (not in URL encoding) form.
Would you mind showing us the actual HTTP response generated your script.php, esp. its body? -- Pavel Kankovsky aka Peak / Jeremiah 9:21 \ "For death is come up into our MS Windows(tm)..." \ 21st century edition / _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Cross-Site Scripting vulnerability in Mozilla Firefox, Opera and other browsers MustLive (Aug 08)
- Re: Cross-Site Scripting vulnerability in Mozilla Firefox, Opera and other browsers Jan G.B. (Aug 09)
- Re: Cross-Site Scripting vulnerability in Mozilla Firefox, Opera and other browsers Pavel Kankovsky (Aug 09)