mailing list archives
Sage cross-context scripting -> LOCAL-CONTEXT SCRIPTING
From: pagvac <unknown.pentester () gmail com>
Date: Sat, 18 Nov 2006 13:43:28 +0000
Correct me if I'm wrong but the following description from
<http://www.securityfocus.com/bid/19928/discuss> is wrong:
"Attacker-supplied HTML and script code would execute in the context
of the affected website"
Code is NOT executed within the context of the affected site but
rather within LOCAL CONTEXT.
I tested this vulnerability myself, and I can confirm that it allows
you to read arbitrary files from the local filesystem by getting
someone to subscribe to your malicious RSS feed (the feed needs to be
read with Sage Firefox extension). The reason for getting scripting in
the local context is because the feed is stored locally, and then the
injected scripting code is executed.
Furthermore David Kierznowski should also be credited with the
discovery of this vulnerability (in addition to pdp and Kevin
Additionally, as an update, there are 2 new cross-context scripting
vulnerabilities found in Sage by David Kierznowski and Rick. Then
again, we have LOCAL CONTEXT SCRIPTING. So forget about restrictions
to running scripts within the context of the vulnerable site:
Finally, I'd like to make clear that Firefox *doesn't* show any
*does*). So when exploiting this cross-context scripting vulnerability
in Sage, Firefox will show NO SECURITY WARNING to the user whatsoever.
More on Firefox not showing security warnings when launching evil HTML
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Sage cross-context scripting -> LOCAL-CONTEXT SCRIPTING pagvac (Nov 18)