Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Anonymized
From: joshua () safeweb com
Date: Sun, 24 Jun 2001 00:04:58 -0400

Thank you for bringing this to our attention.  Unfortunately, due to the
complexity that is javascript, it took us a few days to fix our
interpreter and test it enough to satisfy us.  A new build of safeweb.com
was put up today that fixes the problem described below.  Undoubtably, the
astute readers of bugtraq will be able to come up with other vulnerabilities...
Given enough lead time, we hope to resolve any vulnerabilities that people
present us with.

On Thu, Jun 14, 2001 at 09:04:04PM +0400, Alexander K. Yezhov wrote:

<snip>

Q: Does SafeWEB.com have the same issues?

A:  I had a look at SafeWeb today. Since it uses different approach to
isolate  dangerous  JavaScript  instructions the demo code won't work.
SafeWeb  doesn't  let  the  script to verify if the URL is chained and
correctly intercepts any attempts to change document.location or issue
location.replace  function.  But  the  answer is ... "yes". To let the
demo   script   verify   the  original  URL  we'll  have  to  override
fugunet_fixloc  function.  Then, to redirect current frame to unsecure
location we can use "assign" method.

The current "redirect" demo is available at:

http://tools-on.net/privacy.shtml

(click on the "Go" button below "Holmes/Who" and look at the report)

You can also use direct (temp.) link to the "Who" tool:

http://tools-on.net/privacy.shtml?o=who&t=4557701001675&;

<snip>


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]