Posts

Showing posts from September, 2012

Cross Domain Data Access via JavaScript: window.open

The Analysis
In 2008, we prepared a quick demo about "Cross-Domain Autocomplete Data Access", or "How Bad Guys Steal Your Login Info Smartly".
Let's learn about another not-so-old cross-domain vulnerability in Firefox 4 - Firefox 11 discovered by Jordi Chancel, Eddy Bordi, and Chris McGowen. The bug relied on Firefox's processing of the JavaScript "window.open()" API. The proof-of-concept exploit comprised two components: a client-side page that does a redirection trick with the JavaScript APIs history.back() and history.forward(), and a server-side page that does a redirection trick with the JavaScript API history.forward() plus a server-side timing redirection to an ARBITRARY web site. Brandon then explained the root cause in a simple way in the Bugzilla post: When using window.open and some APIs to navigate the opened document, it is possible to navigate the opened document to a different site, while the location bar doesn't stay in sync w…

Jumping out of Touch Screen Kiosks

Background:

Nowadays, the use of large touch screen kiosks has become prevalent. They replace traditional paper-based brochures and provide a more interactive experience for consumers. In restaurants, you can browse a variety of food menus on a large touch screen LCD monitor. At your local telcos, you can see a variety of mobile and Internet subscription plans.

Behind these touch screen menus are standalone or browser-mode Adobe Flash applications, which are second to none for interactivity, scalability, and ease of update. Data could be pulled from somewhere around their centralized web servers.

Weakness: Jumping out

We cannot use iKat at first as we do not have access to any keyboard facility.
However, the trick is a no-brainer.
Long-press anywhere on the screen and release. You should see the usual Flash context menu like: Touch "Global Settings". A web browser window will pop up and redirect to the Adobe URL, http://www.macromedia.com/support/document…