Full Disclosure mailing list archives

whitepaper: Identifier based XSSI attacks

From: Takeshi Terada <mbsdtest01 () gmail com>

Date: Tue, 14 Apr 2015 21:34:54 +0900

Hello list members,

We released a new technical whitepaper titled:
"Identifier based XSSI attacks"

CVE numbers: CVE-2014-6345, CVE-2014-7939
URL: http://www.mbsd.jp/Whitepaper/xssi.pdf

Introduction:
-------------------------------
Cross Site Script Inclusion (XSSI) is an attack technique (or a vulnerability) that enables attackers to steal data of certain types across origin boundaries, by including target data using a SCRIPT tag in an attacker's Web page as below:

  <!-- attacker's page loads external data with SCRIPT tag -->
  <SCRIPT src="http://target.example.jp/secret"></SCRIPT>

For years, it has been known among Web security researchers that JavaScript files, JSONP and, in certain old browsers, JSON data are subject to this type of information theft attack. In addition, some browser vulnerabilities that allow attackers to gain information via JavaScript error messages have been discovered and fixed in the past.

In 2014, we conducted research on this old topic and discovered some new attack techniques and browser vulnerabilities that allow attackers to steal simple text strings such as CSV, and more complex data under certain circumstances. In the research, we mainly focused on a method of stealing data as a client side script's identifier (variable or function name).

In this paper, we first describe these attack techniques / browser vulnerabilities in the next section and then discuss countermeasures for these issues.
-------------------------------

Other white papers released last year are available here:
http://www.mbsd.jp/insight.html

- Attacking Android browsers via intent scheme URLs
  http://www.mbsd.jp/Whitepaper/IntentScheme.pdf

- FilterExpression Injection attacks against ASP.NET applications
  http://www.mbsd.jp/Whitepaper/FilterExpression.pdf

-- 
Takeshi Terada @ Mitsui Bussan Secure Directions, Inc.
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
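
The script-inclusion condition described in the introduction above, as an added example that is not part of the original post or the whitepaper: a defender-side check of whether a captured response body would compile as JavaScript and whether its headers stop a cross-origin script load. The function names, the sample responses and the use of X-Content-Type-Options: nosniff as the protective header are assumptions of this example, not countermeasures quoted from the paper.

```javascript
// Added audit sketch, not code from the whitepaper. All sample data is constructed.

// Script MIME types (partial list, enough for this sketch).
const SCRIPT_TYPES = new Set([
  "text/javascript", "application/javascript",
  "application/x-javascript", "application/ecmascript",
]);

// True when the body compiles as JavaScript. new Function() only compiles
// the text as a function body (an approximation of a classic script);
// nothing in the body is run.
function parsesAsScript(body) {
  try {
    new Function(body);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// resp: { headers: {...}, body: "..." } for an authenticated GET response.
function xssiExposure(resp) {
  const h = {};
  for (const [k, v] of Object.entries(resp.headers || {})) {
    h[k.toLowerCase()] = String(v);
  }
  const mime = (h["content-type"] || "").split(";")[0].trim().toLowerCase();
  const nosniff =
    (h["x-content-type-options"] || "").trim().toLowerCase() === "nosniff";
  // With nosniff, browsers refuse a script load whose type is not a script type.
  const blockedByType = nosniff && !SCRIPT_TYPES.has(mime);
  const parses = parsesAsScript(resp.body);
  return { mime, parses, blockedByType, exposed: parses && !blockedByType };
}

// Constructed samples: a CSV row of bare words is a valid comma expression
// made of identifiers; a JSON object is a syntax error in statement position.
const samples = [
  { headers: { "Content-Type": "text/plain" }, body: "alice,bob,carol" },
  { headers: { "Content-Type": "text/plain", "X-Content-Type-Options": "nosniff" },
    body: "alice,bob,carol" },
  { headers: { "Content-Type": "application/json" },
    body: '{"user":"alice","token":"t0"}' },
];
for (const s of samples) console.log(xssiExposure(s));
```

The check is conservative: it treats any body that compiles as exposed unless nosniff plus a non-script Content-Type rules out the script load.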