Comments on: JavaScript Embedded in Homepage Links in Firefox http://www.securitt.com/javascript-embedded-in-homepage-links-in-firefox Internet Security Consultant Services of West Virginia Wed, 08 Feb 2012 09:58:47 +0000 hourly 1 http://wordpress.org/?v= By: Anonymous http://www.securitt.com/javascript-embedded-in-homepage-links-in-firefox/comment-page-1#comment-622 Anonymous Sun, 07 Feb 2010 00:29:33 +0000 http://www.securitt.com/javascript-embedded-in-homepage-links-in-firefox/#comment-622 <p>interesting find, sounds like it be possible to insert multiple bookmarks, aside from javascript?</p> interesting find, sounds like it be possible to insert multiple bookmarks, aside from javascript?

]]> By: Anonymous http://www.securitt.com/javascript-embedded-in-homepage-links-in-firefox/comment-page-1#comment-621 Anonymous Sat, 06 Feb 2010 23:47:23 +0000 http://www.securitt.com/javascript-embedded-in-homepage-links-in-firefox/#comment-621 <p>Works for me in FF… But what are the security implications of this??</p> <p>Thanks,<br /> Nilesh</p> Works for me in FF… But what are the security implications of this??

Thanks,
Nilesh

]]> By: Anonymous http://www.securitt.com/javascript-embedded-in-homepage-links-in-firefox/comment-page-1#comment-620 Anonymous Sat, 06 Feb 2010 23:40:31 +0000 http://www.securitt.com/javascript-embedded-in-homepage-links-in-firefox/#comment-620 <p>Yeh, it splits the pages with a pipe… and well, pipes get urlencoded if present in a random URL. I don’t see any problems with this.<br /> I already tried something like: document.location site.com; sleep X seconds then alert document.cookie<br /> - if the alert comes first (empty), site.com then opens under it<br /> - if site.com opens first, it wipes out the alert and the cookie never pops up.<br /> I don’t see any other stuff you could pull off from this…</p> Yeh, it splits the pages with a pipe… and well, pipes get urlencoded if present in a random URL. I don’t see any problems with this.
I already tried something like: document.location site.com; sleep X seconds then alert document.cookie
- if the alert comes first (empty), site.com then opens under it
- if site.com opens first, it wipes out the alert and the cookie never pops up.
I don’t see any other stuff you could pull off from this…

]]> By: Anonymous http://www.securitt.com/javascript-embedded-in-homepage-links-in-firefox/comment-page-1#comment-619 Anonymous Sat, 06 Feb 2010 22:55:26 +0000 http://www.securitt.com/javascript-embedded-in-homepage-links-in-firefox/#comment-619 <p>@ams,</p> <p>If FF *is* using pipes as delimiters in its bookmark file (Note: I haven’t checked/don’t show an interest to look :), and you can insert pipes in a bookmark, you may be able to inject other bookmarks by appending them to the end of your url. I remember seeing some old voting poll exploits circa 1999 doing this with a flat file DB that was pipe delimited.</p> @ams,

If FF *is* using pipes as delimiters in its bookmark file (Note: I haven’t checked/don’t show an interest to look :) , and you can insert pipes in a bookmark, you may be able to inject other bookmarks by appending them to the end of your url. I remember seeing some old voting poll exploits circa 1999 doing this with a flat file DB that was pipe delimited.

]]> By: Anonymous http://www.securitt.com/javascript-embedded-in-homepage-links-in-firefox/comment-page-1#comment-618 Anonymous Sat, 06 Feb 2010 21:57:00 +0000 http://www.securitt.com/javascript-embedded-in-homepage-links-in-firefox/#comment-618 <p>This is because you can set multiple webpages as “home page” in Firefox (so that when you open it, all of these are opened each in its own tab), and when you do they’re stored internally as a list of URLs separated by pipe characters.<br /> That’s also why the XSS alert box shows up in its own tab in this example.</p> This is because you can set multiple webpages as “home page” in Firefox (so that when you open it, all of these are opened each in its own tab), and when you do they’re stored internally as a list of URLs separated by pipe characters.
That’s also why the XSS alert box shows up in its own tab in this example.

]]> By: Anonymous http://www.securitt.com/javascript-embedded-in-homepage-links-in-firefox/comment-page-1#comment-617 Anonymous Sat, 06 Feb 2010 21:41:23 +0000 http://www.securitt.com/javascript-embedded-in-homepage-links-in-firefox/#comment-617 <p>works in FF 3.5.7 without safe mode and noscript disabled</p> <p>tried various ways to drop down a new line in ie7 to pull off the same thing, but no luck<br /> and maybe get this script to run by itself and hope people just click ok?</p> works in FF 3.5.7 without safe mode and noscript disabled

tried various ways to drop down a new line in ie7 to pull off the same thing, but no luck
and maybe get this script to run by itself and hope people just click ok?

]]> By: Anonymous http://www.securitt.com/javascript-embedded-in-homepage-links-in-firefox/comment-page-1#comment-616 Anonymous Sat, 06 Feb 2010 21:41:12 +0000 http://www.securitt.com/javascript-embedded-in-homepage-links-in-firefox/#comment-616 <p>If to take into consideration that pipe is the way firefox team has chosen to separate multiple pages when bookmarking them, then it is not unusual behavior. But what about safety. Anyone can use several ways how to make to execute javascript:[code].<br /> PS: yes, NoScript is blocking that.</p> If to take into consideration that pipe is the way firefox team has chosen to separate multiple pages when bookmarking them, then it is not unusual behavior. But what about safety. Anyone can use several ways how to make to execute javascript:[code].
PS: yes, NoScript is blocking that.

]]> By: Anonymous http://www.securitt.com/javascript-embedded-in-homepage-links-in-firefox/comment-page-1#comment-615 Anonymous Sat, 06 Feb 2010 21:38:20 +0000 http://www.securitt.com/javascript-embedded-in-homepage-links-in-firefox/#comment-615 <p>No worky in Chrome …drat.</p> No worky in Chrome …drat.

]]> By: Anonymous http://www.securitt.com/javascript-embedded-in-homepage-links-in-firefox/comment-page-1#comment-614 Anonymous Sat, 06 Feb 2010 20:57:10 +0000 http://www.securitt.com/javascript-embedded-in-homepage-links-in-firefox/#comment-614 <p>works for me with Firefox 3.6, without safe mode <img src='http://ha.ckers.org/blog/wp-includes/images/smilies/icon_biggrin.gif' alt=':D' class='wp-smiley' /> nice</p> works for me with Firefox 3.6, without safe mode :D nice

]]>