Security Alert For Google Chrome, Safari, and IE
2009-05-03 00:05:01
Thu, 25 Sep 08 17:37:29 -0600
This is The Bagel, reporting yet another security issue to look out for!
I have discovered that (Google) Chrome and Safari are vulnerable to multiple injections beyond the standard null byte, line feed, carriage return, and tab.
UPDATE: After some rather creative programming, I have updated the XSS_Protect() function to remove the threat of this injection.
I have determined they are vulnerable to any character between dec00-16 or hex00-0F.
This poses huge XSS security concerns, as most filters do not remove these characters.
The characters can be used to break up a standard "javascript:" injection placed in a link, (i)frame, etc., so that the filter misses it and the malicious script still executes.
Most vulnerable are web applications that take input from GET variables, such as website search features, certain logins, URL forwarding, etc.
Keep in mind that POST and COOKIE data are also vulnerable, given the ability to spoof these inputs.
Also, IE is vulnerable to dec00, 9, 10, 11, 12, 13, and 15, also known as hex00, 09, 0A, 0B, 0C, 0D, and 0F.
Chrome and Safari are also vulnerable to breaking up JavaScript functions and methods with the null byte, potentially exposing more web applications to danger.
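As an added example (not the author's XSS_Protect() code), here is the normalise-then-allowlist approach such a filter needs: strip the control characters the browsers skip before looking at the scheme, and accept only known-good schemes rather than searching for the literal string "javascript:". The blocklist check, the allowlist, and the sample inputs are all constructed for this illustration.

```python
import re
from typing import Optional, Tuple
from urllib.parse import urlsplit

# ASCII control characters 0x00-0x1F plus DEL (0x7F). The post reports that
# Chrome/Safari skip 0x00-0x0F and IE skips 0x00, 0x09-0x0D and 0x0F inside a
# URL scheme; stripping the whole C0 range is the conservative choice.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

# Allowlist (assumed for this example): schemes the application actually needs.
ALLOWED_SCHEMES = {"http", "https", "mailto"}


def naive_filter(value: str) -> bool:
    """Blocklist check typical of 2008-era filters. Returns True if accepted.

    It never normalises the input, so a control character between the
    letters of the scheme defeats the substring match.
    """
    return "javascript:" not in value.lower()


def safe_href(value: str) -> Optional[str]:
    """Normalise, then allowlist. Returns the cleaned URL, or None to reject.

    1. Remove every ASCII control character; the result is what the browser
       will effectively parse.
    2. Parse the scheme and accept only the allowlist. A relative URL (no
       scheme at all) is also accepted.
    """
    cleaned = _CONTROL_CHARS.sub("", value).strip()
    scheme = urlsplit(cleaned).scheme.lower()
    if scheme and scheme not in ALLOWED_SCHEMES:
        return None
    return cleaned


def check(value: str) -> Tuple[bool, bool]:
    """(naive verdict, hardened verdict) for side-by-side comparison."""
    return naive_filter(value), safe_href(value) is not None


# Constructed inputs: a normal link and two scheme-splitting variants using
# characters from the ranges named in the post (vertical tab 0x0B, null 0x00).
SAMPLES = [
    "https://example.com/search?q=bagels",
    "java\x0bscript:void(0)",
    "java\x00script:void(0)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "naive accepts:", check(s)[0], "hardened accepts:", check(s)[1])
```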