Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Safari 3.1.1 Multiple Vulnerabilities for windows

from [jplopezy] Network Security [Permanent Link]
Subject: Safari 3.1.1 Multiple Vulnerabilities for windows
Date: 22 Apr 2008 17:48:35 -0000 
I found a number of flaws in the browser Safari 3.1.1. 

The first is a way to make spoofing ( "falsify direction"). Is that as we all 
know many browser to put eg 

A@domain.com 

This attempt to connect to the domain after the @ user and use the first word 
or letters that we have, this is not today because it is obvious that the first 
two are together and the second most of the browser asks for permission to such 
action. What's going on safari in this technique that makes it possible to do 
this not just to you and asks permission to enter site, the second is that 
there is some character who safari interprets as "invisible" by creating a link 
with that of user domain fake followed by a large number of characters 
"invisible" and lastly with the @ domain to enter this will lead to 
falsification of the site.

Another flaw is that the safari when writing on the same page with a 
"document.write" with an infinite while this may result in the browser is 
broken, causing the following fall 

Access violation when writing to [0FDFFFEE]

Finally there is a certain character that causes safari break when it comes to 
making a link to "file: / /" this creates the following as a result fails 

Access violation when reading [00000004]

Good will leave the proof of concept

http://es.geocities.com/jplopezy/pruebasafari3.html

And the greetings!

Juan Pablo Lopez Yacubian

fuzzertina.blogspot.com
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Safari 3.1.1 Multiple Vulnerabilities for windows, jplopezy <=
Previous by Date:  [Full-disclosure] [USN-602-1] Firefox vulnerabilities, Jamie Strandboge
Next by Date:  Firefox 3.0 beta 5 crash, jplopezy
Previous by Thread:  [Full-disclosure] IMF 2008 - 2nd Call for Papers, Oliver Goebel
Next by Thread:  Firefox 3.0 beta 5 crash, jplopezy
Indexes:  [Date] [Thread] [Top] [All Lists]