Does anyone know if Microsoft have patched this yet?
On Wed Feb 04 2015 at 09:05:26 David Leo <david@deusen.co.uk> wrote:
Microsoft was notified on Oct 13, 2014.
Joey thank you very much for your words.
Kind Regards,
On 2015/2/3 4:53, Joey Fowler wrote:
Hi David,
nice is an
Hi Joey,
In my research I found out that the 'x-frame-options' solution doesn't
protect against session hijacking via session cookie theft. It is very
important that you also need to add 'HttpOnly' flags on all cookies.
I've published an overview of my research, additional mitigations and
Subject: Re: [FD] Major Internet Explorer Vulnerability - NOT Patched
Hi David,
Nice one…great find! And thanks Joey for confirming the bypass of
HTTP-to-HTTPS restrictions.
I can confirm that this also affects Spartan Browser (Experimental
is this entirely an IE flaw, or is it tied to the use of Cloudflare by
the targeted site as well as the attacking site?
No, this is entirely an IE flaw. I've repro'd on domains that I know don't
use cloudflare, from a domain that doesn't use cloudflare.
There's a great teardown on this POC by
Hi David.
When I tried to reproduce it using code hosted on one of my domains, I
tried three variations of what I assumed at the time the PHP code from
the original was:
<?php
usleep(300);
header("Location: http://www.dailymail.co.uk/");
die();
?>
<?php
sleep(3);
header(Location:
So here's a possibly stupid question: is this entirely an IE flaw, or is
it tied to the use of Cloudflare by the targeted site as well as the
attacking site?
I ask because:
1 - I tried to reproduce the attack in a number of ways without using
CloudFlare, and was unsuccessful.
2 - Since I
Hi David,
nice is an understatement here.
I've done some testing with this one and, while there *are* quirks, it most
definitely works. It even bypasses standard HTTP-to-HTTPS restrictions.
As long as the page(s) being framed don't contain X-Frame-Options headers
(with `deny` or `same-origin`
Deusen just published code and description here:
http://www.deusen.co.uk/items/insider3show.3362009741042107/
which demonstrates the serious security issue.
Summary
An Internet Explorer vulnerability is shown here:
Content of dailymail.co.uk can be changed by external domain.
How To Use
1.
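
The two mitigations named in this thread (X-Frame-Options with a deny or same-origin value on pages that could be framed, and the HttpOnly flag on cookies) can both be checked from a site's response headers. The Python below is an added example, not code from any poster in the thread; the function names and the sample header sets are constructed for illustration.

```python
# Added example: audit response headers for the two mitigations named in the thread.
# Assumption: headers arrive as (name, value) pairs, with one pair per Set-Cookie line.

FRAME_BLOCKING = {"deny", "sameorigin"}  # ALLOW-FROM is deliberately not counted


def cookie_flags(set_cookie):
    """Return (cookie name, set of lowercase attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit(headers):
    """Report whether framing is refused and which cookies lack HttpOnly."""
    xfo = [v.strip().lower() for n, v in headers if n.lower() == "x-frame-options"]
    # Choice made in this example: conflicting duplicate values count as unprotected.
    framing_blocked = len(set(xfo)) == 1 and xfo[0] in FRAME_BLOCKING
    readable = []
    for n, v in headers:
        if n.lower() == "set-cookie":
            cname, attrs = cookie_flags(v)
            if "httponly" not in attrs:
                readable.append(cname)
    return {"framing_blocked": framing_blocked, "cookies_without_httponly": readable}


# Constructed sample responses (not captured from any real site).
SAMPLE_WEAK = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/; Secure"),
    ("Set-Cookie", "theme=dark; Path=/"),
]
SAMPLE_HARDENED = [
    ("Content-Type", "text/html"),
    ("X-Frame-Options", "SAMEORIGIN"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/; httponly"),
]

if __name__ == "__main__":
    for label, hdrs in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(label, audit(hdrs))
```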