Cross Site URL Hijacking by using Error Object in Mozilla Firefox
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Cross Site URL Hijacking by using Error Object in Mozilla Firefox
- From: subs@xxxxxxxxxxxx
- Date: 27 May 2010 10:22:23 -0000
I want to present a method for performing Cross Site URL Hijacking (which we
can call XSUH) by using the error object of Mozilla Firefox. An XSUH attack is
used to steal another website's URL. This URL can show the client's situation on
that website, and it can contain confidential parameters such as session ID as
well. There is another useful article with a similar purpose but with a
different approach, which is the "XSHM" article of CHECKMARX, and reading this
article is highly recommended to you as well.

As you might know, script error handling in Mozilla Firefox is quite useful
for developers as it can show the exact source of an error with some useful
information. Now, this functionality can be misused to divulge the destination
URL after the redirections (XSUH attack), which can lead to condition leakage or
stealing some important parameters from the URL.

Download From Here: http://soroush.secproject.com/downloadable/XSUH_FF_1.pdf
Or Here: http://0me.me/demo/XSUH/XSUH_FF_1.pdf
Proof of Concept: http://0me.me/demo/XSUH/XSUH_demo_firefox_all_in_1.html
Note: This technique has been tested on Mozilla Firefox 3.6.3, 3.5.9,
3.6.4build5 (26th May 2010).