05 July 2009 - Be Secure

Home »

Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome

I want to warn you about Cross-Site Scripting vulnerabilities in Mozilla,
Internet Explorer, Opera and Chrome. I wrote about it at my site this Monday
(29.06.2009) and also informed corresponding browsers developers about this
vulnerability.

At 21.04.2009 there was fixed vulnerability in Firefox 3.0.9
(http://www.mozilla.org/security/announce/2009/mfsa2009-22.html), which
allowed to conduct XSS attacks via Refresh header. And as I checked, this
attack is also working in Mozilla, IE6, Opera and Chrome.

XSS:

With request to script at web site:

http://site/script.php?param=javascript:alert(document.cookie)

Which returns in answer the refresh header:

refresh: 0; URL=javascript:alert(doc ... Read more »

Views: 1021 | Added by: apeh1706 | Date: 05 July 2009 | Comments (0)

« July 2009 »
Su	Mo	Tu	We	Th	Fr	Sa
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

Login:
Password: