Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
DOM sandbox challenge
Posted by: Gareth Heyes
Date: July 30, 2010 08:13AM

We have a new challenge!

http://www.businessinfo.co.uk/labs/DomAPI/DomAPI.html

Can you break my DOM sandbox?

More info here:-
http://www.thespanner.co.uk/2010/07/30/sandboxed-dom-api/

It isn't a complete DOM yet but stuff like getElementById, firstChild etc. should work. You can set attributes on the HTML element, an onclick event and styles. Past exploits include:-

//Code is already sandboxed so strings would execute (now fixed)
document.getElementById('x').onclick='alert(location)';

//attributes weren't being checked for evil url assignments
document.getElementById('x').onclick=function() { this.href='javascript:alert(location)';}

Have fun!

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

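The two past exploits in the post share one root cause: writes to the wrapped element were not checked at the point of assignment. As an added example (not the challenge's code, not Gareth's, and not the DomAPI implementation behind the link), the guard below shows the shape such a check takes: event handlers are accepted only as functions, URL-bearing attributes are refused if they carry a script scheme, and handlers run with `this` bound to the guarded wrapper so an assignment made inside a handler goes through the same checks. The node it wraps is a constructed plain object standing in for a DOM element; `sandboxElement`, `isSafeUrl` and `demo` are names chosen here.

```javascript
// Added example of an assignment guard for a sandboxed DOM wrapper.
// The "node" is a constructed plain object, not a real DOM element.

// Conservative list: javascript: and vbscript: execute code, data: is
// refused as well because it can carry markup that does.
const DANGEROUS_URL_SCHEMES = /^(javascript|vbscript|data):/i;

// Attributes whose value is navigated to or fetched as a URL.
const URL_ATTRIBUTES = new Set(['href', 'src', 'action', 'formaction']);

// Browsers strip ASCII control characters and whitespace inside a scheme
// ("java\tscript:" still runs), so normalise before matching.
function normaliseUrl(value) {
  return String(value).replace(/[\u0000-\u0020]/g, '');
}

function isSafeUrl(value) {
  return !DANGEROUS_URL_SCHEMES.test(normaliseUrl(value));
}

// Wrap a node so every property write is checked before it reaches it.
function sandboxElement(node) {
  const guarded = new Proxy(node, {
    set(target, prop, value) {
      const name = String(prop).toLowerCase();

      if (/^on\w+$/.test(name)) {
        // A string here would be compiled as code by a real DOM; only
        // functions are accepted.
        if (typeof value !== 'function') {
          throw new TypeError(`handler ${name} must be a function`);
        }
        // Store a wrapper that runs the handler with `this` set to the
        // guarded element, so `this.href = ...` inside it is checked too.
        target[name] = (ev) => value.call(guarded, ev);
        return true;
      }

      if (URL_ATTRIBUTES.has(name) && !isSafeUrl(value)) {
        throw new Error(`refusing ${name}=${JSON.stringify(String(value))}`);
      }

      target[name] = value;
      return true;
    },
    get(target, prop) {
      // Route setAttribute through the same checks as direct assignment.
      if (prop === 'setAttribute') {
        return (attr, value) => { guarded[attr] = value; };
      }
      return Reflect.get(target, prop);
    }
  });
  return guarded;
}

// Replays the two reported exploit shapes against the guard and reports
// whether each was blocked; a benign assignment is included as a control.
function demo() {
  const raw = { id: 'x', href: '#', onclick: null }; // constructed stand-in node
  const el = sandboxElement(raw);
  const results = {};

  // 1. String assigned to an event handler.
  try {
    el.onclick = 'alert(location)';
    results.stringHandler = 'executed';
  } catch (e) {
    results.stringHandler = 'blocked';
  }

  // 2. Function handler that assigns a javascript: URL to href at run time.
  el.onclick = function () { this.href = 'javascript:alert(location)'; };
  try {
    raw.onclick(); // stands in for the sandbox dispatching a click event
    results.hrefFromHandler = 'assigned';
  } catch (e) {
    results.hrefFromHandler = 'blocked';
  }

  // Control: an ordinary URL is still allowed through.
  el.setAttribute('href', 'https://example.org/');
  results.benignHref = raw.href;

  return results;
}

module.exports = { isSafeUrl, sandboxElement, demo };
```

Running `demo()` returns `stringHandler` and `hrefFromHandler` as `'blocked'` while the control href is stored unchanged. The important design point is the second case: checking the value at assignment time is not enough if handlers later run against the raw node, so the wrapper must also control the receiver the handler sees.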

