Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Is OWASP vulnerable ??
From: Paul Schmehl <pauls () utdallas edu>
Date: Sat, 10 Mar 2007 15:15:54 -0600

--On March 10, 2007 9:23:45 AM -0800 Scarlet Pimpernel <kishfellow () yahoo com> wrote:

Hello all,

There is an undefined function in OWASP website's javascript code
(wikibits.js)
called wgBreakFrames. This can cause potential damage to the site if
used maliciously.

http://www.owasp.org/skins/common/wikibits.js

start of code:

if (wgBreakFrames) {
// Un-trap us from framesets
if (window.top != window) {
window.top.location = window.location;
}
}

end of code

Apparently you don't understand the difference between a variable and a function. wgBreakFrames is a variable that can be defined elsewhere. Without looking at the entire site, I assume that wgBreakFrames gets defined as "true" in those places where they don't want their pages trapped inside someone else's frame.

Given the syntax of this function, wgBreakFrames can only have one of two values: true or false.

I'd be interested to see some POC that would show how you would exploit this.

Paul Schmehl (pauls () utdallas edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]