procheckup logo
sidebar_boxes_image

Contact Us

Find out more information about ProCheckUp click here.


sidebar_boxes_image

Services

Find out more about ProCheckUp services here.


sidebar_boxes_image

Events

  • PCI DSS User Group meeting

    Neira Jones will be speaking on Barclaycards current approach to PCI and offering advice and guidance to merchants.

Click here to see more events.

Vulnerabilities 2009


PR09-13 Internet Explorer version 8 Cross Site Scripting Filter can be bypassed using text files


  • Advisory publicly released: Friday, 9 October 2009
  • Vulnerability found: Friday, 2 October 2009
  • Severity level: Medium
  • Credits
    Richard Brain and Jan Fry of ProCheckUp Ltd (www.procheckup.com)
  • Description
    Internet Explorer versions 8 and 7, incorrectly handle text files by running JavaScript contained within the file.

    By embedding malicious code within text files, innocuous text files can be used to carry out attacks against viewers of the file.

    This issue has been previously reported:-
    http://connect.microsoft.com/IE/feedback/ViewFeedback.aspx?FeedbackID=354921

    By accessing the following hosted text file

    1. "<script>alert(1)</script>

    Internet explorer 7/8 interprets the embedded code, and executes the script.
  • Proof of concept
    Save the following text as a file 3.txt :-
    1. "<script>alert(1)</script>

    http://target-domain.foo/3.txt
  • How to fix
    Treat even the most benign files with suspicion; inspect the file contents for malicious code if possible.
  • Consequences
    Attackers can force the victim's web browser to run malicious code, to install XSS frameworks and carry out CSRF (Cross Site Request Forgery) attacks.

    A demonstration of a XSS is below :-
    http://www.youtube.com/watch?v=8eWPwlD9rH4
  • References


    http://www.youtube.com/watch?v=8eWPwlD9rH4


  • Legal
    Copyright 2009 ProCheckUp Ltd. All rights reserved.

    Permission is granted for copying and circulating this Bulletin to the Internet community for the purpose of alerting them to problems, if and only if the Bulletin is not changed or edited in any way, is attributed to ProCheckUp indicating this web page URL, and provided such reproduction and/or distribution is performed for non-commercial purposes.

    Any other use of this information is prohibited. ProCheckUp is not liable for any misuse of this information by any third party. ProCheckUp is not responsible for the content of external Internet sites.