Full Disclosure mailing list archives
KDE 3.2.2 (sarge) Konqueror suffers XSS vuln.
From: "Yanosz" <yanosz () gmx net>
Date: Wed, 27 Oct 2004 15:45:21 +0200
Package: Konqueror Version: 3.2.2-1 (sarge) Severity: Important In contrast to other browsers like firefox, Konqueror allows JavaScript to access other frames in a frameset, loaded with from different (sub)domain. By that enclosed / secret data can be read through a hidden frameset. See http://groenndemon.de/bla for demonstration. (I'd like also to thank the webmaster for motivating me to explore that issue and setting a wegpage up for demonstration) (Translation: Action Ändern -> Change action Passwort klauen -> steel password Abschicken -> submit) Please verify this issue on other versions - 3.1.4 seems to be affected as well. Keep smiling yanosz _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- KDE 3.2.2 (sarge) Konqueror suffers XSS vuln. Yanosz (Oct 27)
- Re: Bug#278518: KDE 3.2.2 (sarge) Konqueror suffers XSS vuln. Adeodato Simó (Oct 27)
- Re: Bug#278518: KDE 3.2.2 (sarge) Konqueror suffers XSS vuln. Yanosz (Oct 27)
- Re: KDE 3.2.2 (sarge) Konqueror suffers XSS vuln. Yanosz (Oct 27)
- Re: Bug#278518: KDE 3.2.2 (sarge) Konqueror suffers XSS vuln. Adeodato Simó (Oct 27)