Does anyone know if Microsoft have patched this yet? On Wed Feb 04 2015 at 09:05:26 David Leo <david....@deusen.co.uk> wrote:
> Microsoft was notified on Oct 13, 2014. > > Joey thank you very much for your words. > > Kind Regards, > > On 2015/2/3 4:53, Joey Fowler wrote: > > Hi David, > > > > "nice" is an understatement here. > > > > I've done some testing with this one and, while there /are/ quirks, it > most definitely works. It even bypasses standard HTTP-to-HTTPS restrictions. > > > > As long as the page(s) being framed don't contain X-Frame-Options > headers (with `deny` or `same-origin` values), it executes successfully. > Pending the payload being injected, most Content Security Policies are also > bypassed (by injecting HTML instead of JavaScript, that is). > > > > It looks like, through this method, all viable XSS tactics are open! > > > > Nice find! > > > > Has this been reported to Microsoft outside (or within) this thread? > > > > -- > > Joey Fowler > > Senior Security Engineer, Tumblr > > > > > > > > On Sat, Jan 31, 2015 at 9:18 AM, David Leo <david....@deusen.co.uk > <mailto:david....@deusen.co.uk>> wrote: > > > > Deusen just published code and description here: > > http://www.deusen.co.uk/items/__insider3show.3362009741042107/ < > http://www.deusen.co.uk/items/insider3show.3362009741042107/> > > which demonstrates the serious security issue. > > > > Summary > > An Internet Explorer vulnerability is shown here: > > Content of dailymail.co.uk <http://dailymail.co.uk> can be changed > by external domain. > > > > How To Use > > 1. Close the popup window("confirm" dialog) after three seconds. > > 2. Click "Go". > > 3. After 7 seconds, "Hacked by Deusen" is actively injected into > dailymail.co.uk <http://dailymail.co.uk>. > > > > Technical Details > > Vulnerability: Universal Cross Site Scripting(XSS) > > Impact: Same Origin Policy(SOP) is completely bypassed > > Attack: Attackers can steal anything from another domain, and inject > anything into another domain > > Tested: Jan/29/2015 Internet Explorer 11 Windows 7 > > > > If you like it, please reply "nice". > > > > Kind Regards, > > > > > > _________________________________________________ > > Sent through the Full Disclosure mailing list > > https://nmap.org/mailman/__listinfo/fulldisclosure < > https://nmap.org/mailman/listinfo/fulldisclosure> > > Web Archives & RSS: http://seclists.org/__fulldisclosure/ < > http://seclists.org/fulldisclosure/> > > > > > _______________________________________________ > Sent through the Full Disclosure mailing list > https://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ > _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/