Archive for the 'XSS' Category

Yet again, more Google XSS problems

Tuesday, January 16th, 2007

//I’ll compile some more info regarding the latest Google XSS news.  

In what seems to be an exploit-searching frenzy, Haochi uncovered another XSS vulnerability that can easily, and without the victim’s consent, steal cookies and hijack your Google account.  Like the last two found (within the last 16 days), the bad guy only has to host a website and get someone to visit.

I will not give you details as to how the exploit works until it has been fixed — but I can tell you that it is extremely easy for anyone who knows HTML to exploit.

I highly recommend making sure you are completely logged out of your Google account while browsing the internet until we have an official statement from Google stating their security team has thoroughly reviewed every Google property for these types of vulnerabilities.  If Google needs help, I’m sure Haochi and Tony would be up for the challenge!

Universal PDF XSS

Monday, January 15th, 2007

##Update!
##As of Sunday, January 14, 2007
##Adobe has launched the patch for the recently discovered security flaw in their Acrobat
##software application. The company added that the flaw affected Acrobat Standard,
##Professional, and Elements in versions 7.08 and older. Adobe further confirmed that the
##recently launched version 8.0 was not affected by this flaw and the users are not required
##to download any patch. The company also added that the Acrobat 3D was also at risk but
##gave few details on the versions affected by the flaw. This flaw was related to a technique
##known as cross-site scripting which allowed hackers to mix malicious JavaScript with a link
##to a PDF file on a website.

Quickview:

Input passed to a hosted PDF file is not properly sanitised by the browser plug-in
before being returned to users. This can be exploited to execute arbitrary script code in
a user’s browser session in context of an affected site.

Example:
- http://[host]/[filename].pdf#[some text]=javascript:[code]
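As an added example (not code from the original post or from Adobe), this JavaScript sketches how a link filter, for instance in a comment system or mail gateway, could flag the URL pattern shown above and drop the fragment from PDF links. The function names and the sample URLs are constructed for illustration.

```javascript
// Added example: flag PDF links whose fragment carries a javascript: value.
// Function names are hypothetical; sample URLs below are constructed.

// Decode percent-encoding a bounded number of times so double-encoded values are seen.
function decodeFully(s) {
  for (let i = 0; i < 3; i++) {
    let next;
    try { next = decodeURIComponent(s); } catch (e) { return s; }
    if (next === s) break;
    s = next;
  }
  return s;
}

// Strip whitespace and control characters before matching, since a filter
// should not be fooled by "java<TAB>script:" or leading spaces.
function hasScriptScheme(value) {
  const v = decodeFully(value).replace(/[\u0000-\u0020]/g, "").toLowerCase();
  return v.startsWith("javascript:");
}

function inspectPdfLink(link) {
  let url;
  try { url = new URL(link); } catch (e) {
    return { isPdf: false, suspicious: false, safeLink: null };
  }
  const isPdf = decodeFully(url.pathname).toLowerCase().endsWith(".pdf");
  // The fragment is a list of name=value pairs separated by '&'.
  const suspicious = isPdf && url.hash.slice(1).split("&").some((pair) => {
    const eq = pair.indexOf("=");
    return hasScriptScheme(eq === -1 ? pair : pair.slice(eq + 1));
  });
  // For PDF links, drop the whole fragment instead of trying to clean it.
  if (isPdf) url.hash = "";
  return { isPdf, suspicious, safeLink: url.href };
}

// Constructed sample links, not taken from real traffic.
const SAMPLES = [
  "http://files.example.test/docs/report.pdf#page=3",
  "http://files.example.test/docs/report.pdf#x=javascript:void(0)",
  "http://files.example.test/docs/report.pdf#x=JaVa%09Script:void(0)",
  "http://files.example.test/index.html#x=javascript:void(0)",
];
for (const s of SAMPLES) console.log(s, inspectPdfLink(s));
```

Because the fragment after `#` is never sent to the web server, a check like this has to run where the full link is visible, such as on links in user-submitted content.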

The Universal PDF XSS issue was discovered by Stefano Di Paola and Giorgio Fedon and was presented at the 23C3 security conference. The vulnerability affects Adobe Acrobat Reader, which is widely used by businesses, non-business organizations and individuals. By abusing Acrobat’s open parameters feature, an attacker can make otherwise well-protected sites vulnerable to cross-site scripting attacks if they host PDF documents. This is pretty bad, and unless you update your reader or change the way your browser handles PDF documents, you may get hacked quite badly. This issue is very serious.

The way attackers use PDF documents to execute… [read more at the original source]