Bugtraq mailing list archives

Re: Universal XSS with PDF files: highly dangerous


From: ascii <ascii () katamail com>
Date: Wed, 03 Jan 2007 19:01:02 +0100

sven.vetsch () disenchant ch wrote:
Sorry about that but that's wrong. All the credits have to go to
Stefano Di Paola and Giorgio Fedon. They presented that stuff at the
23C3 in Berlin.

the original paper is located here

http://events.ccc.de/congress/2006/Fahrplan/events/1602.en.html

probably Stefano and Giorgio will post something on their site
http://www.wisec.it/ (!hey i'm waiting too stefano : D)

the technique exposed is really really neat but was only one of the things
that were presented at ccc in that talk (UXSS was used as an attack
vector to inject JS to wrap/tamper xmlhttprequest and if the user
had a proxy on his side http response splitting was used in conjunction
with some keepalive bugs to "tilt" the browser cache to cause cross domain
scripting, all this was autoinjecting)

yeah it needs some conditions (a proxy with keepalive) but this is a
bomb itself : )

from the pdf: Ajax Security, Universal Cross Site Scripting, Code
Injection, Cache Poisoning, Prototype Hijacking, Auto Injecting Cross
Domain Scripting

anyway i expect to see something like an advisory/paper posted somewhere
soon from the wisec staff because it's obvious that the ccc pdf isn't
enough to metabolize all that stuff

regards,
Francesco 'ascii' Ongaro
http://www.ush.it/

ps: flash 8 is fixed : )

