
Re (3): Circumventing CSFR Form Token Defense



Sorry, this was worded in a very bad way, as my whole reply:

When writing my first message I wanted to express I could not test this with 
IE: I simply thought IE would not offer the possibility to render pages in 
objects. This is obviously wrong, although there seems to be a bug in IE (try 
it yourself: http://phihag.de/security/ie_iterate_freeze/ ) causing my 
experiments to fail. Upon rewriting the text too late (like now ;) ) "tested 
with" became the final, totally senseless version I posted. I just tested it, 
it seems there is entirely no way to even address an object's contents if it is 
in the same domain (at least when it's embedded as the standard says). 

Just a little thought: Is there any possibility to fire up a text-reading 
ActiveX-Control (IE itself, some XML parsing modules?) in an object and read 
the content from outside?

(BTW: This would be primarily a UXSS but not a CSRF attack, as the whole 
scenario I described in the first message)