Home page logo

fulldisclosure logo Full Disclosure mailing list archives

KDE 3.2.2 (sarge) Konqueror suffers XSS vuln.
From: "Yanosz" <yanosz () gmx net>
Date: Wed, 27 Oct 2004 15:45:21 +0200

Package: Konqueror
Version: 3.2.2-1 (sarge)
Severity: Important

In contrast to other browsers like firefox, Konqueror allows JavaScript to 
access other frames in a frameset, loaded with from different (sub)domain. By 
that enclosed / secret data can be read through a hidden frameset.
See http://groenndemon.de/bla for demonstration.

(I'd like also to thank the webmaster for motivating me to explore that issue 
and setting a wegpage up for demonstration)

(Translation: Action Ändern -> Change action
Passwort klauen -> steel password
Abschicken -> submit)

Please verify this issue on other versions - 3.1.4 seems to be affected as 

Keep smiling

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]