Re: Cross Context Scripting with Sage

[bugtraq () cgisecurity net]

You'd be surprised just how many reader applications (remote and local) are affected by this issue. 

Besides the obvious zone context risks with these types of vulnerabilities you also can execute CSRF 
attacks against a wide user audience. One of the more interesting things that you can do involving 
RSS/Atom/Any Feed involves when a website uses a feed in order to display dynamic content, as well as
those creating feeds from another feed. 

For those interested my blackhat slides can be found below, along with the occupying whitepaper.


Paper: 
http://www.spidynamics.com/assets/documents/HackingFeeds.pdf

Slides: 
http://www.cgisecurity.com/papers/RSS-Security.ppt

RSS Security Repository:
http://www.cgisecurity.com/rss/


- Robert
http://www.cgisecurity.com/ Website Security news and more
http://www.cgisecurity.com/index.rss [RSS Feed]


> Cross Context Scripting in Firefox Sage Extension.
> http://www.gnucitizen.org/blog/cross-context-scripting-with-sage
>
> This proves that Firefox Extensions can be as dangerous as random
> flash or quicktime media files. Moreover, the POC provides a real
> example of how RSS feed Hacking really works.
>
> -- 
> pdp (architect)
> http://www.gnucitizen.org

-------------------------------------------------------------------------
Sponsored by: Watchfire

Securing a web application goes far beyond testing the application using 
manual processes, or by using automated systems and tools. Watchfire's 
"Web Application Security: Automated Scanning or Manual Penetration 
Testing?" whitepaper examines a few vulnerability detection methods - 
specifically comparing and contrasting manual penetration testing with 
automated scanning tools. Download it today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmm
--------------------------------------------------------------------------