Basic search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23953
HistoryMay 28, 2010 - 12:00 a.m.

Cross Site URL Hijacking by using Error Object in Mozilla Firefox

2010-05-2800:00:00
vulners.com
18

I want to represent a method for performing Cross Site URL Hijacking (which we can call
XSUH) by using the error object of Mozilla Firefox. XSUH attack is used to steal another
website URL. This URL can show the client’s situation on that website, and it can contain
confidential parameters such as session ID as well. There is another useful article with
a similar purpose but with a different approach which is “XSHM” article of CHECKMARX ,
and reading this article is highly recommended to you as well.
As you might know, scripts error handling in Mozilla Firefox is quite useful for the
developers as it can show the exact source of an error with some useful information. Now,
this functionality can be misused to divulge the destination URL after the redirections
(XSUH attack) which can lead to condition leakage or stealing some important parameters
from the URL.

Download From Here: http://soroush.secproject.com/downloadable/XSUH_FF_1.pdf
Or Here: http://0me.me/demo/XSUH/XSUH_FF_1.pdf

Proof of Concept: http://0me.me/demo/XSUH/XSUH_demo_firefox_all_in_1.html

Note: This technique has been tested on Mozilla Firefox 3.6.3, 3.5.9, 3.6.4build5 (26th
May 2010).