Showing posts from September, 2012

Cross Domain Data Access via JavaScript:

The Analysis
In 2008, we prepared a short demo about "Cross-Domain Autocomplete Data Access" or "How Bad Guys Steal your Login Info Smartly".
Let's learn about another not-so-old cross-domain vulnerability in Firefox 4 - Firefox 11 discovered by Jordi Chancel, Eddy Bordi, and Chris McGowen. The bug relied on Firefox's processing of the JavaScript "" API. The proof-of-concept exploit comprised two components: a client-side page that does a redirection trick with the JavaScript API history.back() and history.forward(), and a server-side page that does a redirection trick with the JavaScript API history.forward() and a server-side timing redirection to an ARBITRARY web site. Brandon then explained the root cause in a simple way in the Bugzilla post: When using and some APIs to navigate the opened document, it is possible to navigate the opened document to a different site, while the location bar doesn't stay in sync w…

Jumping out of Touch Screen Kiosks


Nowadays, the use of large touch screen kiosks has become prevalent. They are meant to replace traditional paper-based brochures and to provide more interactive means to consumers. In restaurants, you can see a variety of food menus accessible on a large touch screen LCD monitor. In your local telcos, you can see a variety of mobile and Internet subscription plans.

Behind these touch screen menus run standalone or browser-mode Adobe Flash applications, which are second to none for interactivity, scalability and ease of update. Data could be pulled from somewhere around their centralized web servers.

Weakness: Jumping out

We cannot use iKat at first as we do not have access to any keyboard facility.
However, the trick is a no-brainer.
Long-press on any location and release. You should see the usual Flash context menu like: Touch "Global Settings". A web browser window will pop up and redirect to the Adobe URL,…