securityvulns SECURITYVULNS:DOC:15389
History: Dec 14, 2006 - 12:00 a.m.

Unpatchable Quicktime XSS

2006-12-14 00:00:00
vulners.com

More / Resource: http://mxcore.com/?go=forums&thread=103

The QuickTime text track exploit might be fixed, but there are many more
ways of executing code via QuickTime.

One way is to make an mx.mov file (in Notepad).
This is not a text track, so it will not be patched in the next version of
QuickTime, and websites like MySpace can't ask Apple to fix their own XSS.
The best bet would be to just filter the term "mov" from your site
completely - just a suggestion.

Code:

<?xml version="1.0"?>
<?quicktime type="application/x-quicktime-media-link"?>
<embed src="http://website.com/shortfile.mov"
qtnext="javascript:alert('test')"></embed>

Then shortfile.mov must be on the same server as mx.mov.
shortfile.mov should also be less than a second long; use the
example.mov supplied with all QuickTime versions.

The exploit here is that QuickTime allows XML to run. After
shortfile.mov (on the same server) has finished playing the actual movie,
the qtnext variable
will execute a command. This is sometimes used for advertisements: show
you a product, then redirect to a website.
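Rather than filtering every occurrence of "mov", a site that accepts movie uploads can distinguish a real QuickTime file from the XML media link described above and refuse uploads whose qtnext points at a script URL. The following check is an added example (not code from the original post); the sample inputs are constructed, and the media-link sample is the post's own snippet with the XML declaration corrected.

```python
import html
import re

# Constructed sample: the text-only "mx.mov" media link from the post.
MEDIA_LINK_SAMPLE = b"""<?xml version="1.0"?>
<?quicktime type="application/x-quicktime-media-link"?>
<embed src="http://website.com/shortfile.mov"
qtnext="javascript:alert('test')"></embed>
"""

# Constructed sample: a real QuickTime file begins with a binary atom header
# (here an "ftyp" atom), not with XML text, so it must not be flagged.
BINARY_MOV_SAMPLE = b"\x00\x00\x00\x14ftypqt  \x00\x00\x00\x00qt  " + b"\x00" * 16

# The processing instruction that makes QuickTime treat a file as a media link.
_MEDIA_LINK_PI = re.compile(
    rb"<\?quicktime\s+type\s*=\s*[\"']application/x-quicktime-media-link[\"']", re.I)
# qtnext="..." or qtnext='...' attribute of the embed element.
_QTNEXT_ATTR = re.compile(rb"qtnext\s*=\s*(?:\"([^\"]*)\"|'([^']*)')", re.I)
# URL schemes that turn the post-playback redirect into script execution.
_SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:")


def is_media_link(data: bytes) -> bool:
    """True if the upload is a QuickTime media link (XML) rather than a movie."""
    return _MEDIA_LINK_PI.search(data[:4096]) is not None


def scripted_qtnext(data: bytes) -> list:
    """Return qtnext values whose scheme can execute script.

    Entities are decoded and whitespace/control characters removed before the
    scheme check so that obfuscated spellings are not missed."""
    hits = []
    for m in _QTNEXT_ATTR.finditer(data):
        raw = (m.group(1) or m.group(2) or b"").decode("latin-1")
        url = html.unescape(raw)
        norm = re.sub(r"[\s\x00-\x1f]", "", url).lower()
        if norm.startswith(_SCRIPT_SCHEMES):
            hits.append(url)
    return hits


def classify_upload(data: bytes) -> str:
    """Upload policy: accept binary movies, reject any media link file."""
    if not is_media_link(data):
        return "accept"
    if scripted_qtnext(data):
        return "reject: media link with scripted qtnext"
    return "reject: media link disguised as movie"
```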