Posts

Showing posts from September, 2012

Cross Domain Data Access via JavaScript: window.open

The Analysis In 2008, we prepared a quick short demo  about "Cross-Domain Autcomplete Data Access" or " How Bad Guys Steal your Login Info Smartly ".  Let's learn about another not-so-old cross-domain vulnerability in Firefox 4 - Firefox 11 discovered by  Jordi Chancel, Eddy Bordi, and  Chris McGowen .  The bug relied on the Firefox's  processing of the JavaScript "window.open()" API.   The   proof-of-concept exploit   comprised of two components: A client-side page   that does a redirection trick with JavaScript API - history.back(), history.forward() and  A server-side page   that does a redirection trick with  JavaScript API - history.forward()  and a server-side timing redirection to an ARBITRARY web site  Brandon the  explained the root cause in a simple way in the  Bugzilla  post: When using window.open and some APIs to navigate the opened document, it is possible to navigate the opened document to a different

Jumping out of Touch Screen Kiosks

Image
Background: Nowadays, the use of large touch screen kiosks has been prevalent.  They are to replace tradition paper-based brochures and to provide more interactive means to consumers. In restaurants, you can see a variety of food menu that can be accessible in large touch screen LCD monitor.  In your local Telcos, you can see a variety of mobile and Internet subscriptions plans.   Behind these touch screen menus are running standalone or browser-mode Adobe Flash applications which are second-to-none for interactivity and scalablity and ease of update. Data could be pulled from somewhere round their centralized web severs. Weakness: Jumping out We cannot use  iKat  at first as we do not have access to any keyboard facility. However, the trick is no-brainer. Do long press on any locations and relieve.  You should see the usual Flash context menu like: Touch "Global Settings".  A web browser window will pop up and redirect to the Adobe URL,  http://www.macromedia.c