Exploitable Dialog Vulnerability? Not really!

Topic: Technology 12:31 pm EDT, Jun 24, 2005

Secunia Research has discovered a vulnerability in various browsers, which can be exploited by malicious web sites to spoof dialog boxes.

The problem is that JavaScript dialog boxes do not display or include their origin, which allows a new window to open e.g. a prompt dialog box, which appears to be from a trusted site.

Here is a full summary of the attack:

-Standard Anchor tag in some original page has http://www.victim.com in HREF attribute. Clicking on it opens link as normal, in tab, new window, whatever.

-Anchor tag also has an ONCLICK attribute that runs some JavaScript when clicked.

-JavaScript opens a very small window, attack, completely off the screen (varies with browsers).

-The page opened in attack can be located anywhere on the Internet. It has a reference to original (which called it) and gives original focus, thereby hiding attack from the user's view.

-attack uses a timer to wait some specified value. During this time http://www.victim.com finishes loading into normal. attack then opens a dialog box.

-If the user hasn't gone crazy switching windows, tabs, etc., normal should be the topmost window, with a dialog box from attack floating on it. attack is hidden off screen or under everything.

-Any info the user enters into this dialog can be processed by attack, since it spawned the box!

Acidus' Assessment: Cool, but not dangerous. You are very limited in JavaScript about the types of dialog boxes you can open for the user. None of them even remotely look like an authentication box, and only one input field can be on a dialog. To get a username and password you would have to pop 2 windows sequentially. Very suspect.
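
A defender-side check for the link pattern in the summary above, as an added example that is not part of the original post: it flags anchors that carry both an HREF and an ONCLICK whose window.open call requests a very small or off-screen window. The thresholds, function names and sample markup (including other.example) are constructed assumptions.

```javascript
// Added example: static heuristic for the anchor pattern in the summary.
// Limits: regex-based, expects double-quoted attributes and single-quoted JS strings.
const TINY = 100;  // px; width/height at or below this counts as "very small" (assumed)
const FAR = 3000;  // px; left/top at or beyond this counts as off-screen (assumed)

// Turn a window.open features string ("width=1,left=5000") into a map.
function parseFeatures(s) {
  const out = {};
  for (const part of s.split(',')) {
    const [k, v] = part.split('=').map(x => x.trim().toLowerCase());
    if (k) out[k] = v === undefined ? true : Number(v);
  }
  return out;
}

// Explain why a requested popup geometry would be hidden from the user.
function popupReasons(f) {
  const reasons = [];
  for (const k of ['width', 'height', 'innerwidth', 'innerheight'])
    if (Number.isFinite(f[k]) && f[k] <= TINY) reasons.push(`${k}=${f[k]} (tiny)`);
  for (const k of ['left', 'top', 'screenx', 'screeny'])
    if (Number.isFinite(f[k]) && (f[k] < 0 || f[k] >= FAR))
      reasons.push(`${k}=${f[k]} (off-screen)`);
  return reasons;
}

// Report anchors that navigate normally (href) and also open a hidden window (onclick).
function findSuspiciousLinks(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<a\b[^>]*>/gi)) {
    const href = /\bhref\s*=\s*"([^"]*)"/i.exec(tag);
    const onclick = /\bonclick\s*=\s*"([^"]*)"/i.exec(tag);
    if (!href || !onclick) continue;
    const open = /window\.open\s*\(\s*'[^']*'\s*,\s*'[^']*'\s*,\s*'([^']*)'/i.exec(onclick[1]);
    if (!open) continue;
    const reasons = popupReasons(parseFeatures(open[1]));
    if (reasons.length) findings.push({ href: href[1], reasons });
  }
  return findings;
}

// Constructed sample markup: one link matching the pattern, two benign ones.
const SAMPLE = `
<a href="http://www.victim.com" onclick="window.open('http://other.example/p.html','w','width=1,height=1,left=5000,top=5000')">Victim</a>
<a href="http://www.victim.com">plain link</a>
<a href="/help" onclick="window.open('/help-popup','h','width=600,height=400')">help</a>
`;
console.log(JSON.stringify(findSuspiciousLinks(SAMPLE), null, 2));
```
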
